New report from DataVisor reveals cybercriminals are increasingly targeting mobile channels to commit fraud, with 90% of mobile fraud originating from Android devices.
Some privacy vault apps on Google Play Store are used as remote backdoor to harness devices for fake clicks in ad fraud scheme and to exfiltrate user data and files.
Nearly 10,000 Android apps are found with a variety of undocumented backdoor abilities such as remotely resetting user passwords and blocking users from loading certain types of content.
API that provides list of Android apps installed on a device may allow advertisers to fingerprint users' demographic information and track what they access on the internet.
Researchers used PolicyLint app to parse through privacy policies of 11,430 Android apps and found self-contradictory language in user data collection practices on 1,618 of them.
According to cyber security firm Check Point Software Technologies, Android app makers are still not patching old security flaws, some of which date back to 2014.