A weather app was trying to rip off South African users – and may have been stealing their data
- Security researchers say an app pre-installed on some Alcatel phones and popular on the Google Play Store tried to rip off users, and stole their data.
- The application com.tct.weather, known as "Weather-Simple weather forecast", also stole personal information.
- Activity from the rogue app was detected in several countries – including South Africa.
South Africans may have had their data depleted by a rogue weather app on Android phones that reportedly stole personal information, tried to sign users up to premium services, and pretended to be people clicking on ads.
The app, known as "Weather-Simple weather forecast", came pre-installed on some Alcatel phones and was downloaded more than 10 million times.
For at least several weeks in July and August 2018, security researchers say, the app used a range of techniques to defraud users, with its activity detected in Brazil, Malaysia, Nigeria, Egypt, Kuwait, Tunisia, and South Africa.
It was removed from the Google Play Store this month.
It is not clear how many South African users were affected, or how much data may have been stolen.
Technology company Upstream reported that its Secure-D platform, which helps mobile operators prevent fraud, blocked transaction attempts in South Africa.
Secure-D first detected the issue when an unusually high number of Alcatel Pixi 4 and A3 Max Android smartphones – models not widely available in South Africa – tried to initiate transactions in Brazil and Malaysia. The company says its investigations traced the attempts to the software package com.tct.weather, from TCL Corporation, a Chinese tech company that makes Alcatel and BlackBerry phones.
Secure-D reached out to users, many of whom complained that their devices were overheating and that they had unexplained charges to their accounts. When the company tested some of their devices in a lab setting, it found that the weather app was sending personal information to servers in China, trying to bill customers for premium services, and interacting with ads.
"We recorded 50MB to 250MB of data per day being consumed by the application’s unwanted activity," says Secure-D in its report on the investigation.
The data was used invisibly in the background as the app clicked buttons on advertising sites.
TCL told the Wall Street Journal, which first reported on Secure-D's findings, that it was evaluating security consultants to validate the safety of its apps.
See the full report from Upstream Systems: Secure-D uncovers pre-installed suspicious application com.tct.weather on Alcatel Android smartphones manufactured by TCL