ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

A Classic Example of Why You Should Only Allow Trusted Apps to Access Your Data


If your employees are given an Android device to use for work, or if they bring in their own as a part of a Bring Your Own Device strategy, you may want to pay special attention to what follows.

Google has just removed a piece of malware that managed to make its way into the listings of the Google Play Store. Disguised as a strategic card game called “Beaver Gang Counter,” the malware seemed at first glance to be a harmless enough app to download as a way to pass some time every now and then. This impression unfortunately turned out to be inaccurate for a few different reasons.

Why Was it a Threat?
First, the app itself reportedly was a bit of a one-trick pony, losing any of its entertainment appeal very swiftly. Of course, what do you do with an app that you’ve grown bored with and no longer want? You delete it to make room for other apps that you will have more use for, but not before the malware comes into play.

The disguised malware specifically targeted users who also had Viber, the vastly more popular communications app, installed on their device. Once the Beaver Gang Counter app was installed, the malware would access Viber's directories and upload any of the user’s Viber images to an external website.

Google has since removed Beaver Gang Counter from the Play Store, and thus far it seems that little damage was done. However, the entire situation raises the question: how did this happen?


There were ultimately a number of factors that led to Beaver Gang Counter having the ability to access files belonging to another app, an ability that the Android platform is supposed to block. However, the security measures put in place by Android do nothing to prevent the review of data saved on removable SD storage.

Due to the expectation of inter-device compatibility that comes with SD cards, the inter-app file sharing that Android usually blocks is left unfettered in the SD storage, depending on the permissions granted at install. Therefore, if assigned to SD memory (as it would have been in almost all cases), Beaver Gang Counter could potentially access any and all data saved to the SD. Instead, the malware developers had simply chosen to target Viber users specifically.

However, there’s an excellent case to be made that the app should never have reached the Google Play storefront at all, and that Google’s review process seems to need some work.

Upon opening the app, you are brought to the game’s main menu screen, with the following options: Help, Players, Statistics, and the all-important "New Gane". Yes, you read that right. "New Gane". There was a spelling mistake, right there on the most important element of the main menu, visible from the download screen itself, that Google either missed or disregarded without digging any deeper.

 

What Does this Mean for My Business?
While Beaver Gang Counter didn’t target anything that would likely damage a business if the malware infiltrated a business-provided or BYOD device, it really makes one consider how many other apps may be out there that could potentially cause harm to a business through similar actions. The only truly clear lesson to be learned from this story is that Google isn’t infallible, and so they cannot be relied upon to defend your company from all threats that are sent through their systems. Ultimately, it falls to you to pick up the slack, and as such, you should implement the following best practices.

  • Steer clear of unknown apps: If nobody online is talking about an app, there’s a better chance that it is a less safe option (and that’s the best case scenario). Avoid utilizing unknown and unreviewed apps on business devices. Furthermore, despite their failure to catch Beaver Gang Counter, Google’s marketplace for apps is still much safer than the unregulated Android marketplaces that are out there.
  • Keep important data on your actual device: Clearly, Android prioritizes the protection of data on its native storage over that of data stored on removable media. Therefore, you should keep this in mind as you elect where to store data and keep critical files on the device itself.
  • Set terms for employee devices: This will admittedly be simpler to enforce with company-provided devices, as BYOD relies on the employee using their own property and therefore a device that they have control of. While you may disable non-company approved apps in devices provided by the company, you may have to take a few extra steps if implementing a BYOD policy. A mandatory security solution may be a fair term for an employee wishing to use their own device, as well as required security best practice training.
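
One way to check devices against these practices, as an added example that is not part of the original post: the script below rates every app outside an approved list by whether its permissions allow it to read shared SD storage and send data off the device. The inventory format, the allowlist, and the `com.example.*` package names are assumptions constructed for illustration.

```python
# Added example: flag unapproved apps that can read shared (SD) storage.
READ = "android.permission.READ_EXTERNAL_STORAGE"
WRITE = "android.permission.WRITE_EXTERNAL_STORAGE"  # write access implies read
NETWORK = "android.permission.INTERNET"
SHARED_STORAGE = {READ, WRITE}
APPROVED = {"com.viber.voip"}  # hypothetical company allowlist

# Constructed sample, hypothetical format: "[package]" then its permissions.
SAMPLE_INVENTORY = """\
[com.viber.voip]
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
[com.example.cardgame.counter]
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
[com.example.offline.notes]
android.permission.WRITE_EXTERNAL_STORAGE
[com.example.weather]
android.permission.INTERNET
"""

def parse_inventory(text):
    """Return {package: set_of_permissions} from the format above."""
    apps, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            apps[current] = set()
        elif line and current is not None:
            apps[current].add(line)
    return apps

def audit(apps, approved):
    """Rate each unapproved app by what its permissions allow."""
    findings = {}
    for pkg, perms in apps.items():
        if pkg in approved:
            continue
        if not perms & SHARED_STORAGE:
            findings[pkg] = "LOW: unapproved, no shared-storage access"
        elif NETWORK in perms:
            findings[pkg] = "HIGH: can read shared storage and upload it"
        else:
            findings[pkg] = "MEDIUM: can read shared storage"
    return findings

if __name__ == "__main__":
    print(audit(parse_inventory(SAMPLE_INVENTORY), APPROVED))
```
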

By implementing these practices, you just may be able to keep an issue like this one from affecting your company sometime down the line.

For more IT news and best practices, be sure to keep checking our blog, and be sure to reach out to ClearView IT if you have any questions about your own security. Give us a call at 866-326-7214.

 
