You are here: Home Blog ClearView IT A Classic Example of Why You Should Only Allow Trusted Apps to Access Your Data

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

A Classic Example of Why You Should Only Allow Trusted Apps to Access Your Data

Security ClearView IT Blog
0 Comments
A Classic Example of Why You Should Only Allow Trusted Apps to Access Your Data

If your employees are given an Android device to use for work, or if they bring in their own as a part of a Bring Your Own Device strategy, you may want to pay special attention to what follows.

Google has just removed a piece of malware that managed to make its way into the listings of the Google Play Store. Disguised as a strategic card game called “Beaver Gang Counter,” the malware seemed at first glance to be a harmless enough app to download as a way to pass some time every now and then. This impression unfortunately turned out to be inaccurate for a few different reasons.

Why Was it a Threat?
First, the app itself reportedly was a bit of a one-trick pony, losing any of its entertainment appeal very swiftly. Of course, what do you do with an app that you’ve grown bored with and no longer want? You delete it to make room for other apps that you will have more use for, but not before the malware comes into play.

The disguised malware would specifically target those whom also had Viber, the vastly more popular communications app, installed on their device. Once the Beaver Gang Counter app was installed, the malware would access the directories contained in Viber as well as uploading any of the user’s Viber images to an external website.

Google has since removed Beaver Gang Counter from the Play Store, and thus far it seems that little damage was done. However, the entire situation asks the question: how did this happen?


There were ultimately a number of factors that led to Beaver Gang Counter having the ability to access files belonging to another app; an ability that the Android platform is supposed to block. However, the security measures put in place by Android do nothing to prevent the review of data saved on the SD removable storage.

Due to the expectation of inter-device compatibility that comes with SD cards, the inter-app file sharing that Android usually blocks is left unfettered in the SD storage, depending on the permissions granted at install. Therefore, if assigned to SD memory (as it would have been in almost all cases), Beaver Gang Counter could potentially access any and all data saved to the SD. Instead, the malware developers had simply chosen to target Viber users specifically.

However, there’s an excellent case to be made that the app should never have reached the Google Play storefront at all, and that Google’s review process seems to need some work.

Upon opening the app, you are brought to the game’s main menu screen, with the following options: Help, Players, Statistics, and the all-important "New Gane”. Yes, you read that right. "New Gane". There was a spelling mistake, right there on the most important element of the main menu, visible from the download screen itself, that Google either missed or disregarded without digging any deeper.

 

What Does this Mean for My Business?
While Beaver Gang Counter didn’t target anything that would likely damage a business if the malware infiltrated a business-provided or BYOD device, it really makes one consider how many other apps may be out there that could potentially cause harm to a business through similar actions. The only truly clear lesson to be learned from this story is that Google isn’t infallible, and so they cannot be relied upon to defend your company from all threats that are sent through their systems. Ultimately, it falls to you to pick up the slack, and as such, you should implement the following best practices.

  • Steer clear of unknown apps: If nobody online is talking about an app, there’s a better chance that it is a less safe option (and that’s the best case scenario). Avoid utilizing unknown and unreviewed apps on business devices. Furthermore, despite their failure to catch Beaver Gang Counter, Google’s marketplace for apps is still much safer than the unregulated Android marketplaces that are out there.
  • Keep important data on your actual device: Clearly, Android prioritizes the protection of data on its native storage over that of data stored on removable media. Therefore, you should keep this in mind as you elect where to store data and keep critical files on the device itself.
  • Set terms for employee devices: This will admittedly be simpler to enforce with company-provided devices, as BYOD relies on the employee using their own property and therefore a device that they have control of. While you may disable non-company approved apps in devices provided by the company, you may have to take a few extra steps if implementing a BYOD policy. A mandatory security solution may be a fair term for an employee wishing to use their own device, as well as required security best practice training.

By implementing these practices, you just may be able to keep an issue like this one from affecting your company sometime down the line.

For more IT news and best practices, be sure to keep check our blog, and be sure to reach out to ClearView IT if you have any questions about your own security. Give us a call at 866-326-7214.

Tweet
Tags:
Apps Malware Google
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 05 July 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Privacy Network Security Data Cloud Business User Tips IT Support Internet Hardware Innovation Email Hosted Solutions Malware Efficiency Workplace Tips Computer Microsoft Google Collaboration Android Cybersecurity Business Management Phishing IT Services Backup Data Backup Ransomware communications Smartphone Small Business Microsoft Office Upgrade Smartphones Mobile Devices Network Communication Data Recovery Managed IT Services Productivity Quick Tips VoIP Social Media Users Mobile Device Tech Term Automation Windows 10 Business Continuity Facebook Covid-19 Disaster Recovery Passwords Holiday Apps Managed Service Windows 10 IT Support Browser Cloud Computing Outsourced IT Miscellaneous Data Management Remote Work Internet of Things Managed Service Provider Government Saving Money Operating System Gadgets Networking Workplace Strategy Windows Artificial Intelligence Managed IT services Bandwidth Encryption Server Mobile Device Management App Virtualization Remote Blockchain Spam WiFi Information Business Technology Budget Gmail History Office Two-factor Authentication Employee/Employer Relationship Apple Office 365 Information Technology Cybercrime Wi-Fi Big Data Access Control Data Security Health Analytics Conferencing BDR IT Management Save Money Compliance Training Vendor Help Desk Employer-Employee Relationship Hacking Patch Management Cost Management Remote Monitoring Remote Computing Hacker Document Management Voice over Internet Protocol Managed Services Augmented Reality Applications Word IBM Vulnerabilities Search... Website BYOD Best Practice Computing Vendor Management Retail Hard Drive Alert Hiring/Firing Data loss Outlook Project Management Legal Password Money Customer Service Data storage Unified Threat Management Mobile Office Firewall Travel Free Resource Virtual Reality Google Maps Social Engineering Mobile Computing iPhone Scam Cryptocurrency Education Cortana How To Black Market Marketing Content Filtering Cleaning Running Cable VPN Robot Monitoring Router Update Healthcare Storage The Internet of Things Windows 11 YouTube Paperless Office Antivirus Laptop Twitter Maintenance User Law Enforcement End of Support Printer Chrome Websites Remote Workers Sports Social Mobility Meetings SaaS DDoS Windows 7 Data Breach Bluetooth Virtual Private Network Administration Processor Disaster Distributed Denial of Service Office Tips Presentation Private Cloud Memory Current Events Specifications IT Consultant Solutions Lithium-ion battery Customer Relationship Management Tech Terms Images 101 Integration Multi-factor Authentication Politics Co-Managed IT Processors Machine Learning Settings Display Entertainment Managed IT Digital Solid State Drive Saving Time Employees Taxes Avoiding Downtime Computers Bitcoin Holidays Chromebook Drones Telephone Wireless Technology Automobile Cooperation HIPAA eWaste Video Conferencing Physical Security How To Excel Virtual Machines Downtime Microchip Computer Repair Safety Flexibility Start Menu Professional Services Downloads Computer Care Virtual Desktop Experience Hack Virtual Assistant Identity Theft Notifications Vulnerability Unified Communications Managed Services Provider Software as a Service Data Protection PowerPoint Google Docs Equifax Google Calendar Google Apps Supercomputer Health IT Electronic Payment Tactics Hard Drive Disposal Virus Music Telework Smartwatch Communitications Motion Sickness Username Microsoft 365 Be Proactive Startup Comparison Freedom of Information Google Drive Procurement Navigation Recovery Addiction Botnet Phone System Competition email scam FinTech Micrsooft CES Corporate Profile IT Assessment Mobile Security Rental Service Workplace Strategies Knowledge Legislation Entrepreneur Television News Flash Telephony Supply Chain Management Employer Employee Relationship LiFi User Tip Value Evernote Cyber security Documents Network Management Application Telephone Systems Business Growth Organization Cabling Tablet Smart Devices G Suite Business Intelligence Emails Computer Accessories Mouse Fake News VoIP Remote Working Tracking Proxy Server Trend Micro Securty Service Level Agreement Computing Infrastructure Banking Google Wallet AI Smart Technology Deep Learning Digital Security Cameras Electronic Health Records Web Server Management Transportation Domains Device security Messenger Wireless Headphones SharePoint Microsoft Excel Digital Payment Wasting Time Worker Tech eCommerce Going Green Modem Business Cards Business Metrics Hosted Solution Videos Access Surveillance Error Books Language Time Management Society Public Cloud Bookmark Managing Costs Term Download SSID Public Speaking Piracy Supply Chain Audit Monitors Media Spyware Visible Light Communication Development Streaming Media Employer/Employee Relationships Troubleshooting HTML Reading Nanotechnology Keyboard Windows 8 File Sharing Browsers Virtual Machine Google Play Optimization Upload Hard Drives Software License Redundancy Reviews intranet Workplace Displays 2FA Cache Advertising Social Network Teamwork Relocation Wireless Screen Reader Shortcut Work/Life Balance Unified Threat Management Tech Support Data Storage Workers Data Analysis Hypervisor Security Cameras Trends Medical IT Heating/Cooling Mobile Technology Environment Shopping Social Networking Scams Printing Paperless CCTV Windows XP Customer Resource management SQL Server Business Owner Devices In Internet of Things Tip of the week Touchscreen PCI DSS Fileless Malware Licensing Gig Economy Humor Computer Malfunction Gamification Company Culture Hacks Emergency Network Congestion Cables Writing Business Communications Vendor Mangement Internet Service Provider Telephone System Azure Regulations Reliable Computing Managed IT Service Backup and Disaster Recovery Regulations Compliance Samsung Directions Uninterrupted Power Supply Memes Webcam Content Desktop Point of Sale Human Resources Business Mangement Net Neutrality Electronic Medical Records Inbound Marketing Accountants Scalability Staffing Database Administrator Text Messaging Proactive IT Financial Data Tablets Risk Management IT IP Address Bring Your Own Device Shortcuts

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here