Cooktek, the developer behind the popular Android keyboard TouchPal, snuck adware into 238 apps. It took steps to obfuscate the adware, and when activated the ads appeared everywhere on your phone. For some people, it made their phone unusable.
Security firm Lookout recently discovered that the Chinese developer CooTek had been sneaking adware into many of its apps. CooTek is the developer behind TouchPal, a keyboard with over 100 million installs alone.
This particular brand of adware, provided through a BeiTaAd plugin, was particularly nasty in part because CooTek took steps to hide what it was doing. During the first 24 hours, and sometimes for the first two weeks, the plugin did nothing. But when it finally activated, ads began to show on the phone even with the app closed.
Complaints that calls, music, emails, and more were interrupted by obtrusive ads eventually piled up, but thanks to that waiting period, it was difficult to tell which app was the culprit. And that was precisely the point, by waiting you might install other apps before the ads appeared and blame the wrong app.
Thankfully, Lookout discovered the problem and reported it to Google, who swiftly took action. Offending apps were taken off the store, though some have been allowed back with the plugin removed.
It would be easy to blame this entirely on Google’s open ecosystem and wonder why the company didn’t find this itself (and that latter question is somewhat legitimate), but CooTek’s attempts to hide what it was doing helped it slip by testing. Just remember, if your phone starts acting weird examine all the apps you’ve installed, not just the most recent ones. [Tech Radar]
In Other News:
- Move over e-scooters rentals, here comes an electric bike: Bird, one of the companies behind many of the electric scooters you keep tripping over on the street, has a new ride-sharing product in the works—a bike. The Cruiser has a 52-volt battery, a padded seat for two, and an LCD to show trip progress. Stay safe friends, and wear a helmet. [VentureBeat]
- YouTube bans children from solo live-streaming: To protect children from predators on its platform, YouTube recently disabled comments on most videos featuring children. Now the company is expanding that step by barring young children from live-streaming without visible adult supervision. It may seem harsh, but if measures like this protect children, that’s a good thing. [Variety]
- Spotify takes a
stationpage from Pandora: If you love Pandora’s music recommendation stations, but prefer Spotify’s catalog, good news: Spotify is testing a similar service. Spotify’s stations (even the name is the same), curates similar music based on preference history and music styles. And just like Pandora, if you pay for Spotify, you lose the ads and gain unlimited skips. The test started in Australia and recently made its way to the United States. [MacRumors]
- Apple may kill off the Dashboard: If you want, you can download the beta for Apple’s latest MacOS update, Catalina, right now. (You shouldn’t, but you can.) Enterprising developers who did take the beta noticed straightaway that the Dashboard is completely removed (as opposed to disabled). If you used OS X, you might recognize the Dashboard as the widget center or “that stupid thing I accidentally launched—again.” Good riddance if you ask me. [AppleInsider]
- Microsoft thinks you smell bad, wants to make it worse: Lynx, otherwise known as Axe in the U.S., is partnering with Microsoft to make an Xbox body wash and spray. Adorned in the Xbox logos and traditional greens, the company says the spray will let you “power up” before leaving the house. Gross. [The Verge]
- Nintendo announces PokémonSword and Shield games: Pokémon is never going away, at least not so long as it continues to bring in bucketloads of money. Nintendo announced the next expansion in the franchise, Sword and Shield. New in this game? You can make your Pokémon giant sized. You know what they say about Pokémon games: Gotta buy ’em all. [Engadget]
- Skype gains screen sharing capability: How often have you tried to help a relative or friend find a setting on their phone when they called through that phone? “Too many” is probably the right answer. Skype wants to help you out with screen sharing. The new feature will let you see their screen and walk them through steps. Once you tell them how to install Skype, that is. [XDA developers]
- Researchers show proof-of-concept malware that mimics your typing: A few security companies have explored a method of identity verification through keyboard typing habits. The idea is simple: everyone types a little differently, so pay attention to how the keyboard is used to verify who is using it. But researchers have now shown concept malware that accurately mimics a targets keyboard strokes, fooling software designed to identify people. Security is always a game of escalation, unfortunately. [ZDNet]
Over seven years, scammers managed to steal 19 million dollars worth of iPhones. Even accounting for more recent $1000 iPhones, that’s a lot of phones.
The scammers put together a sophisticated network that comprised of multiple parts. Across 34 states, they used runners and grunts. The runners used stolen identities and fake documents to pose as buyers wanting to upgrade their phones. They naturally would choose a payment plan to get the iPhone for as low a price as possible.
Runners would travel out of state, retrieve the iPhone, and ship them back to the ring leaders, who referred to themselves as “Top Dogs.”
The most eye-popping detail isn’t how long they got away with this, or how many they stole, but how they the scam fell apart. An eagle-eyed employee working for one of the overnight shipment companies noticed the packages seemed suspicious.
Usually, when shipping a significant number of packages to a single address, an account with the shipping company is used, but cash or credit card was the method of payment here. And even though packages came from out of state, they listed New York as the return address.
At some point, the shipping company opened up 39 packages to find 253 phones. Further investigation revealed the rest, and investigators charged six individuals with mail fraud, conspiracy to commit mail fraud, and aggravated identity theft. Someone give that shipping employee a raise. [Gizmodo]