Official app stores (Play Store and AppStore) sometimes fail to detect potentially malicious developments available on their platforms. One case that has caught the attention of researchers and experts in ethical hacking is that of Shenzhen HAWK Internet, a Chinese company that secretly developed 24 popular apps (with more than 380 million downloads) noted because of invasive or malicious practices, including malware infections, rogueware and excessive request for permissions on the device. Behind Shenzhen HAWK, there is an even larger company, specializing in the development of electronic devices present in homes and businesses around the world.
On its official site, Shenzhen HAWK only recognizes having developed 13 apps, including camera filters, antivirus, weather forecasting services, among others, in addition to the set of pre-installed apps installed on Alcatel devices.
However, VPNpro researchers found that Shenzhen actually developed 24 other apps without publicly admitting it. In addition, on its website, Shenzhen HAWK recognizes to be a subsidiary owned by TCL Corporation, a major Chinese manufacturer of appliances, Internet-connected devices (smart TVs, smartphones and WiFi devices) and, in a lesser extent, software development. TCL Corporation has at least 52 subsidiaries worldwide and owns the licensing rights of Alcatel, BlackBerry, among other firms. In other words, all of these apps and devices are owned by TCL, as mentioned by ethical hacking experts.
The main controversy over this company is its close ties to the Chinese government, whose impulse was essential for the establishment of TCL as a large transnational corporation. China is one of the countries with the most privacy issues for Internet and technology devices users; according to ethical hacking experts, the Communist Party of China requires companies operating on its territory to access information stored on their servers, which must also be hosted in the Asian country.
One of the apps noted by these practices is Weather Forecast (with more than 100 million downloads), which contains malware to collect user data; the extracted information is sent to a server in China. In addition, thousands of users who installed this app were subscribed to Premium services without their consent, generating significant revenue for developers. A similar case is that of Virus Cleaner, which was identified by various intelligence agencies as a “spyware or some similar tool”. The problem increases considering that the apps developed by TCL are pre-installed on millions of smartphones, smart TVs, among other devices, so they do not even depend on users deciding to install a junk app.
Although not all apps developed by this company are infected with malware, most ask for unnecessary permissions for its installation, which is a clear indication of anomalous activity. For example, Virus Cleaner asks the user for permission to access call history, contact list, location data, camera activation, and even external storage reading and writing.
According to the ethical hacking specialists of the International Institute of Cyber Security (IICS), all apps developed by TCL and Shenzheng HAWK are still available in Play Store, so users are advised to avoid downloading and installing them, at least until Google decides what to do with these malicious apps and its developers.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.