Google Pulled Down Famous Android Apps with 5.8 million Downloads that stole Facebook Password

Google is still working hard to remove the famous Android apps from the Google Play Store that were violating major privacy rules and regulations. According to ars Technica, nine android apps have been removed, that were using sneaky methods of stealing Facebook login credentials from users by providing them services like photo editing and framing, horoscope telling, removing junk files from Android devices, and tips and techniques of exercising and training. Doctor Web, a Russian security firm, confirms that all these apps, which had as many as 5.8 million combined downloads, were using the same JavaScript code and configuration file formats to pass the information.  

These Android apps tricked the users by directing them to the Facebook login page and loaded the JavaScript from the command server, which in return passed all the credentials to the app (and thus the command server). These apps also stole cookies from the authorization session. Surprisingly, in each case, Facebook was the main target along with some other internet services.  

Google clarified that it banned all these developers from the Play Store, which means that they will not produce any app in the future. Although, this approach is not encouraging as these perpetrators can make these types of apps again by creating a new account. Google uses an automated screening technique that prevents these malware attacks. It looks there are some loopholes in the system that help the attackers to pass these defenses and slide the Facebook data into the wrong hands. It will be safe if the users become more careful while downloading these utilities from unknown developers, no matter how famous their app is.