I'm still unsure of TikTok but below is pretty clear cut re: Pinduoduo. It was a Chinese cyber team that found it in Feb. It's just weird that such a popular app can contain malicious stuff that was clearly out of the norm, and Google didn't catch it.
I always assumed Apple and Google scan the apps for things that look unusual but know "bad" apps can still get downloaded. I wonder if Apple, Google can team up with these cyber security companies. Pay them a % of fees to provide differing levels of certification, transparency & warn on risk levels of the apps. Pass the costs to the app developers and tier it based on downloads or such.
I've heard (and believe true) Apple does a better job than Google. One reason why I stay with Apple and don't do anything sensitive with my travel Android phone.
Pinduoduo: One of China's most popular apps has the ability to spy on its users, say experts | CNN Business
Quote:
It is one of China’s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month.
But according to cybersecurity researchers, it can also bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.
Quote:
The researchers found code designed to achieve “privilege escalation”: a type of cyberattack that exploits a vulnerable operating system to gain a higher level of access to data than it’s supposed to have, according to experts.
“Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones,” said Hyppönen.
:
Toshin found Pinduoduo to have exploited about 50 Android system vulnerabilities. Most of the exploits were tailor made for customized parts known as the original equipment manufacturer (OEM) code, which tends to be audited less often than AOSP and is therefore more prone to vulnerabilities, he said.