In the past few years, smartphone cameras have come a long way. Third party camera apps are a growing trend, in both android app development and iOS app development. However, camera applications with billions of downloads worldwide could be stealing data and infecting malware.
A user probably expects a third-party app to add makeup or add a cartoon filter for more interesting selfies or simply to just clean up pictures that are of lower quality. Users definitely do not expect or are not aware that these third-party apps could steal and sell personal data, redirect to phishing sites, and spy on the user, and plague users with malicious ads. But some of these third party camera apps actually have been found guilty of doing that.
Third-Party Camera Apps
Applications that are built by some other developers than that of the manufacturer of the device or the operating system are called third-party apps. App development companies for instance or individual developers create numerous android applications. Moreover, those manufacturers also build apps for their own devices or known as first-party or ‘native’ applications. However, a great majority of available apps are third-party applications.
Checking the Trustability of Third Party Camera Apps
Based on research on the trust-ability of third-party camera apps, the following were analyzed:
1. More than half of the beauty camera applications are based in China or Hong Kong.
2. There are three separate developers that seem to be run by only one group. They may have a connection to applications that were discovered in the past to contain a widely spread Trojan.
3. One app does not ask permission to use the camera but turns it on anyway without permission.
4. One application developer was discovered to install malware via its software.
5. Another application was accused of sending pornographic content to users, collecting their pictures, or redirecting them to phishing sites.
6. Unnecessary permissions such as using GPS, recording audio, and looking at the phone statuses of users.
7. Meitu is a top-ranked application developer that has more than 300 million installs that had applications discovered as malware. This violates Google’s ad policies or collects data in secret.
The Riskiest Third-Party Camera Applications
The following are just some of the riskiest third-party camera apps.1) Beauty Camera, a selfie camera
2) Beauty Selfie Plus, wonder HD camera
3) BeautyPlus, an Easy Photo Editor and Selfie Camera app
5) Beauty Camera,
6) Beauty Camera Plus, Sweet Camera, and Makeup Photo
7) Selfie Camera, Beauty Camera, and Photo Editor
8) Sweet Snap
9) YouCam Perfect
10) Candy Cam, a beauty camera and photo editor app
11) Photo Editor
12) Sweet Selfie Snap, sweet camera, and beauty cam snap
13) Bestie, a 360 beauty cam
14) Makeup Camera
The application developer behind BeautyPlus is Meitu Limited from China. It has been called out in the past for gathering and selling the data of users to companies for better ad targeting in a secret manner. Furthermore, the developer was blamed for sending the phone’s unique identifier or the IMEI already to numerous China servers.
The Hong Kong-based developer iJoysoft has had some of its software either directly or via bundling connected to malware. Through the YouTube Video Converter software, the VideoConverterHD adware is installed and could slow down the performance of the device drastically, taking over the screen with ads that are difficult to close and even injecting harmful code into the registry editor in the computer.
Another application developer Lyrebird Studio that’s Istanbul-based and the maker of Beauty Makeup, Photo Editor and Selfie Camera Effects was identified in a research made by Trend Micro to be one of the many applications that send pornography content to users and redirect them to malicious phishing websites or collect their pictures.
Dangerous Permissions That Third-Party Camera Apps Request
Obviously, third-party camera apps require a couple of dangerous permission to function. One is a Camera for taking pictures and write-storage to save the image edited. However, it was discovered that the applications are requesting an average of five dangerous permissions and one application asking for 7 dangerous permissions. What are these dangerous permissions?
- Thirteen applications want to access your GPS location
- One application wants the ability to scan the contact list
- Twenty-three apps want microphone access
- Ten applications want access to coarse locations, via WiFi networks and cell towers
- Twenty-nine applications want camera access
- Thirty applications ask for the ability to write files to your device
- Twenty-nine apps want to read files on your device
Thus, it becomes critical to ask and analyze why a beauty camera application would want to record audio, go through your contacts list or track your GPS location.
What the Applications Want With All Your Data
Looking at the problems in the past that these application developers have had with the collection of data, the answer is pretty obvious, and that’s money. Application developers could make plenty of money by selling a user’s data to advertisers. Agreements on location-sharing between app developers and app brokers in which applications could send GPS locations up to 14,000 times a day could bring in plenty of revenue.
Taking into consideration the dangers and risks of these popular third-party camera applications, it is imperative to note the following:
These are non-essential applications and thus, always practice caution on deciding whether to download these apps or not at all. Always keep in mind that these apps are not necessary because they do not provide crucial functionality. Top-ranked applications are built by developers with shady reputations, using unethical practices and outright malicious behavior. It is in the best interest to entirely forego these apps and delete them immediately.
Downloading an application from insecure or unofficial websites increases ransomware malware risk, Trojan viruses, and spyware that could infect your device. A hacker, in a worst-case scenario, could even take complete control of the mobile device. There are more dependable, bigger applications out there with the same features, have a clearer ownership structure, and are more accountable, such as Instagram, Snapchat, and Messenger.