But Aptoide also allows easy self-hosting of APK repositories for anyone who wants to upload their own, whether they're a user wanting to "back up" APKs which could disappear from the Play Store, or a developer hosting their own original software. Aptoide, for example, offers both its own main repository, which is curated, scanned, and appears to be as safe as the Play Store. However, the apparently silent linking from AppGallery to third-party app stores does introduce a genuine risk of device compromise.

Although Apkmonk, APKPure, and Aptoide are all reasonably well-known "alternate stores," they're less thoroughly curated than Google's own Play Store. We're not certain how much salt to take with the NCSC's specific "malware" findings since the agency did not reverse engineer any of the three apps VirusTotal didn't like, and antivirus false positives on less well-known apps happen with some regularity. The NCSC used VirusTotal to scan several apps installed via AppGallery and its linked third-party platforms, and it discovered potential malware on three: All in One social media, CNC Machinist Tapping Calculator, and "Messenger app, Light All-in-One, Live Free Chat Pro App." Third-party distribution platforms the NCSC found linked to AppGallery include but are not limited to Apkmonk, APKPure, and Aptoide. Software classes in these Xiaomi applications use MiAdBlackListConfig to analyze multimedia which might be displayed on the device and block that content if "undesirable" keywords are associated with it.

Although the NCSC discovered that the actual content filtering via MiAdBlackListConfig is disabled on phones registered in the European Union, the phones still regularly download the blocklist itself and, the agency says, can be remotely reactivated at any time. In this file, the NCSC found 449 records identifying religious, political, and social groups.
Several of the Xiaomi system applications on the Mi 10T 5G regularly download a file called MiAdBlackListConfig from servers in Singapore. The mobile phone number is sent whether the user ties it to a new cloud account or not, and the encrypted SMS is not visible to the user. The NCSC also found that the user's mobile phone number is silently registered to servers in Singapore via encrypted SMS message on activation of default Xiaomi cloud services. These statistics are encrypted and sent to Xiaomi servers in Singapore, a country which the NCSC notes is not covered by the EU's GDPR and has been tied to excessive data collection and abuse of user privacy. The NCSC found that Sensor Data's module collects statistics on 61 parameters related to application activity, including time of app activation, language used, and so forth.