Bitdefender Clueful exposes Android spies
Bitdefender Clueful is designed to warn Android users about apps that put their privacy at risk. Available free of charge, the app checks whether any of a user's installed programs are known to transmit smartphone numbers to advertising networks or cause push-message spam. Clueful establishes this by querying one of BitDefender's servers; it doesn't analyse the apps on the smartphone.
The core component of Bitdefender's database is the privileges that are requested by each app. The developers say that this information is complemented by a code analysis that can, for instance, flag up suspicious activities. In a brief tests by The H and heise Security, the app did produce informative results. Clueful sorts apps according to three risk levels; most of the apps tested were put into the "Moderate Risk" category because they read the phone's SMS text message inbox or its address book. In heise Security's testing, three apps were placed in the "High Risk" category. According to Clueful, they create advertising links on the home screen, send the smartphone user's email address to advertising networks and display spam in the notifications bar.
When a new app is installed, Clueful will automatically display a rating in the notifications bar. Those who frequently install new apps could soon find themselves wishing that warnings were only displayed when a new addition has a high-risk rating. Manually searching the database of Android apps is currently not an option.
Bitdefender released an iOS version of Clueful last year but had to remove it from the App Store; no reason was given for the removal, but it is believed that iOS apps are not allowed to examine other apps outside its own sandbox. Since the removal of the app, the database has been available for online queries.