Create a cybersecurity culture

Create a cyber
security culture

Empower staff says
Galix Networking exec.

Sunday, Jan 20th

Upstream’s Security Platform, Secure-D, Unveils Alcatel Smartphones Sold with a Suspicious App From TCL, Also Available on Google Play

Upstream’s security platform, Secure-D, unveils Alcatel smartphones sold with a suspicious app from TCL (Photo: Business Wire)Upstream has unveiled that Alcatel smartphones are sold with a suspicious pre-installed weather forecast app, also available on Google Play.

Jan. 10, 2019 10:29 UTC - London--(BUSINESS WIRE)-- Upstream, the technology company leading the mobile internet revolution in high growth markets, has unveiled that Alcatel smartphones are sold with a suspicious pre-installed weather forecast app, also available on Google Play.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190110005255/en/

Upstream’s security platform, Secure-D, detected suspicious activity initiated by an Android application named “Weather Forecast – World Weather Accurate Radar” in Brazil and Malaysia. This application was later found pre-installed on Pixi 4 and A3 Max devices from Alcatel, a brand owned by Nokia. The devices are manufactured under licence by Chinese electronics company TCL Corporation, a manufacturer of Alcatel and Blackberry branded mobile phones.

The application, which has since been removed, was also available on Google Play, with more than 10 million downloads, including those in the UK, USA and France. It claimed to provide “accurate forecasts and timely local weather alerts”. Despite user complaints, which were seemingly pushed down the ‘ratings and reviews’ section, the app had a 4.4 star rating.

When infected devices were tested by Secure-D, the app was found to collect and transfer users’ personal information to servers in China, including the user’s device ID, their email and location. Furthermore, it was found to behave like a typical malicious app, which attempts ad fraud, by loading pages with ads and clicking on them, as well as trigger subscriptions to premium services without user consent.

This activity, invisible to the users, was consuming up to 250MB of their data daily, which had a particularly adverse impact on consumers in emerging markets, where the cost of data is extremely high – for example, in Brazil 1GB costs the equivalent of 6h of work on minimum wage (vs. 30 min in Germany).

Guy Krief, CEO of Upstream commented: “The combined growth of smartphone penetration and mobile advertising is providing the ideal set-up to perpetrate ad fraud, mainly with mobile malware. This year only, an estimated $19 billion will be stolen through ad fraud, which can become payment fraud in emerging markets, affecting not only brands but also consumers’ wallet and privacy.”

Secure-D has detected and blocked over 3 million fraudulent transaction attempts generated by the “Weather Forecast – World Weather Accurate Radar” app across 7 markets. Had they not been blocked, these transactions would have translated into $1.5m fraudulent charges to users’ airtime in Brazil, Malaysia, Nigeria, South Africa, Egypt, Kuwait and Tunisia.

The application ranked among the top 5 weather apps in 30 countries, including the US, UK and France. It was the sixth most popular weather app in the UK and Canada, and ranked among the 20 most popular weather apps in the U.S in 2017.

For the full report on the investigation please click here.

Upstream has worked with The Wall Street Journal to bring this story to light. You can read their write-up here.

View source version on businesswire.com: https://www.businesswire.com/news/home/20190110005255/en/

Contacts

Alexi Foster
Diffusion PR NY
E: This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
P: 646-571-0120

Lucy Westman
Diffusion PR UK
E: This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
P: 0207-291-0230

ALSO ON ITWEB AFRICA

FinTech, 5G key to continued FDI in Africa Published on 14 January 2019

These markets are expected to generate more investment in an otherwise slower year expected for the continent, say analysts.

Forcepoint announces partnership with First Distribution Published on 17 January 2019

With this partnership, customers will now have greater access to Forcepoint's comprehensive range of cyber security solutions including Web, Mail, DLP, NGFW and CASB.

#RiversideAttack: Kenya deals with info fallout Published on 16 January 2019

Tech-savvy terror groups are using social media to spread their agenda, according to market researchers.