Google Play has started recording users without their knowledge

An Android recording app called iRecorder Screen Recorder started out as an innocent screen recording app but turned evil almost a year after it was first released. As detailed by Ars Technica. The app was first released in September 2021, but after updating the following August, it began recording a minute of audio every 15 minutes and forwarding those recordings, through an encrypted link, to the developer’s server. Everything documented in blog post From researcher Lukas Stefanko Basic Security Against Evolving Threats (ESET).

In the post, Stefanko said the app was updated in August 2022 to include malicious code “based on the AhMyth Android RAT (Remote Access). The app had 50,000 downloads by the time it was reported and removed from the Play Store.” Stefanko added that apps containing AhMyth is embedded in it Bypass Google filters before.

Scam apps are nothing new to the Apple or Google app stores. Recording apps can be particularly nasty, sometimes with predatory subscription prices and fake reviews to exaggerate their visibility on those platforms. And Stefanko’s blog post highlights one particularly sticky issue: Apps turn to the dark side after a while, using the permissions you initially granted them to collect sensitive information from your device and pass it on to the developer for nefarious activities.

That particular app is gone, but what’s stopping another sleeping agent from activating on your phone? Google is at least working on updates that will tell you via monthly notifications that, and when, apps have changed their data-sharing practices — if they detect it, that is.