Popular app could cost you big bucks operating secretly in the background
Anyone who’s been on the internet long enough knows that file-sharing always comes with a certain amount of risk. Whether you’re downloading an attachment, following a link, or using legally dubious peer-to-peer software, you’re opening your computer up to a number of threats when you drop your defenses and grab files from the web.
That said, file-sharing is still extremely popular. In fact, one of the most popular apps on the Google Play Store is 4shared, a free program that allows users to easily swap or share files with one another. As of now, the app boasts over 100 million downloads and can be found on Android phones the world over.
But not all is as it seems with 4shared. A previous version of the app was found to be running a strange number of processes under users’ noses. This version of 4shared would run in the background — opening invisible advertisements and subscribing to paid services without users knowing! Could this innocuous app have charged you money without permission?
4shared’s dodgy update hid a terrible secret
In a recent story published by Techcrunch, security researchers found that a previous version of the popular 4shared app contained a suspicious third-party code that seemed to automate advertisements, clicks, and signups without a user’s knowledge or permission.
While running in the background, the app would display and engage with invisible advertisements and click on them — sometimes even subscribing to paid services without any warning or notification!
Related: Check your apps! Malicious mobile game caught stealing sensitive data
This, in turn, generated millions of dollars in fraudulent revenue for the third-party code’s creators. The China-based company, which goes by Elephant Data, is relatively scant on information about itself.
However, reviews for the company have painted them as “scammers” and “data collectors.” The parent company of 4shared claims to not be working with Elephant Data any longer, but does make a reference to them in their privacy policy, but doesn’t state specifically what Elephant Data does, or its purpose in the app.
How can users protect themselves from 4shared’s background activity?
Right now, 4shared doesn’t seem to pose a threat to users. The app mysteriously disappeared from the Google Play Store in April 2019 and was replaced soon after by a new version with the mysterious third-party code removed. This version can be downloaded safely, and currently boasts millions of active users.
If you have the program installed on your device, however, it might be wise to delete it. If you happened to download 4shared when the compromised version was hosted on the Google Play Store, the third-party code might be present without your knowledge. Deleting the app and downloading the latest version of 4shared will make sure it poses no threat to your system.
Alternatively, you could choose to avoid 4shared. Since file-sharing already tends to cross into some legal grey areas, many of these apps can be risky to use from the get-go.
µTorrent — one of the most popular file-sharing apps on the web — had a version that installed cryptocurrency mining software without telling users, for example. And that’s not even including the potential legal risks, malware threats, and hacker problems that can emerge with file-sharing.
To keep yourself safe when downloading apps, always check the reviews to see what others are saying. If a program has many reviews and a high star rating, it’s probably safe. A high star rating with a low amount of reviews, however, is a red flag. Stay on the safe side of things, and you shouldn’t have any malware on your phone — let alone invisible ad trackers. Stay safe out there!