Unofficial Android iMessage app can steal info and download malware
Posted on 24.09.2013
Android users who have dreamed about being able to use iMessage, Apple's proprietary and free messaging solution, have been pleasantly surprised by the iMessage Chat for Android being offered for download on Google Play.


It works as advertised, and poses as a Mac mini when it connects to Apple’s iMessage server.

But, according to 9to5Mac, researchers and software developers are warning against its use.

For one, it hasn't been created by Apple, but by a third-party developer named Daniel Zweigart, who may or may not have malicious intentions.

Secondly, the messages users send or receive via this app are first processed by a server located in China, then forwarded to Apple's server.

Thirdly, to use the app, they have to either sing in with their Apple ID or create a new Apple account and then sign in - meaning that these login credentials will be handed over to - and could possibly be stored and abused - by Zwigert.

Last but not least, the app apparently has the ability to download additional APK code without the user's knowledge - meaning that it could also download malware.

At this point, I wonder how come Google hasn't yet detected and removed the potentially malicious app from their official Android store. But even if it does, third-party online Android app markets will probably welcome it.

Users are advised to avoid using the app until more details about it are known and foul play is ruled out.

UPDATE: Google has removed the app from Google Play.





Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //