In association with heise online

17 August 2010, 14:53

Android game secretly transmits GPS coordinates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom The Tap Snake game secretly sends GPS data to a remote server, but still displays the GPS notification.
Source: Symantec
In a post on their Connect blog, security specialist Symantec reports on a new trojan for Android that masquerades as a free Tap Snake game, while secretly transmitting GPS coordinates to a server in the background. These coordinates can then be retrieved and displayed in Google Maps via the GPS Spy Android app sold for €5 by the same vendor, Maxicom. According to Symantec, the Tap Snake process can't easily be killed and continues to run in the background.

However, Tap Snake and GPS Spy must be linked by entering specific data. This makes it impossible to launch tracking attacks without the potential attacker – such as a jealous partner – briefly having physical access to the (unlocked) target Android device.

Anyone innocently installing the game might have their suspicions aroused because it requests access to the GPS receiver – although this privilege is also requested by many other apps for no obvious reasons. Applications requesting privileges not actually required have caused unjustified suspicions on various occasions in the past.

Such suspicions were proved justified in the case of a certain media player. Last week, AV vendor Kaspersky sighted the first SMS trojan for Android. The malware disguises itself as a media player and, once installed, secretly sends out SMS messages to premium rate numbers.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit