Listed in the Play Store catalog for almost a year, the iRecorder Screen Recorder app delivered exactly the promised functionality, after which it suddenly started secretly recording users.
Just because an Android app has passed all of Google’s checks at some point doesn’t mean it’s completely harmless. Using executable code masking techniques, developers can slip in hidden functions that remain inactive until initiated by a secret command, or at a pre-specified time. The application can then covertly download malware from a remote server, or hijack existing functionality. iRecorder Screen Recorder is one such example, the application whose legitimate purpose is to record the screen with sound received in August 2022 an update that turned it into a real listening tool. Specifically, the app with 50,000 installs activated the phone’s microphone every 15 minutes, resulting in a minute of audio recording. The resulting files were then sent via encrypted connection to remote servers.
While the purpose of this feature isn’t immediately obvious, and the app was removed from the Play Store catalog anyway, the case actually illustrates a systemic problem for Google. Cases where apparently bona fide developers wait for several months or even years for applications published in the Play Store catalog to reach a certain level of popularity, only to “rob” users with sudden computer attacks, are much more common than we would be tempted to believe. Among the strategies used to maximize profits is also the posting of fake reviews that artificially increase the app’s visibility in the PlayStore catalog, at the same time masking the dissatisfaction expressed by the damaged users.
Both Google and Apple periodically announce the removal of rogue apps from managed stores, many of which were discovered only after they had infected the devices of millions of users. Unfortunately, in the absence of better solutions against these practices, the only thing left is the caution of not installing apps you don’t absolutely need, even if they come from official app stores.
