October 31, 2014

Snakes on a Phone

Everyone knows and loves the now famous “snake” game that was on every cell phone back in the day.  You could while away the hours moving that dot snake trying to beat your previous high score, so it makes sense that the game would pop up on the Android Market right?

Well, don’t go rushing to download snake, because there is a snake app out there called “Tapsnake” that you should be avoiding. 

The app in question is actually a cleverly disguised tracking application, that installs itself on your phone, then runs itself in the background even if you are not playing the game.  The app then every 15 seconds reports your location without telling you.  Even if you reboot your phone, the app starts itself right back up in the background.

Of course, the million dollar question is, “Where does the app send the location information?”.  The answer?  To a second app called GPS Spy that is hooked into Tapsnake.  The apps were made to be in conjunction with each other.

The attacker in this case would have to have physical access to your phone, install Tapsnake, then link it to the Spy Gps app, but if you already have it installed, it is that much easier.

Upon being informed about this issue, Google removed the Tapsnake app, but it still available via 3rd party methods.  If you see this app on your phone, watch out!