A weather app was trying to rip off South African users – and may have been stealing their data

Business Insider SA
  • Security researchers say an app pre-installed on some Alcatel phones and popular on the Google Play Store tried to rip off users, and stole their data.
  • The application, known as "Weather-Simple weather forecast", also stole personal information.
  • Activity from the rogue app was detected in several countries – including South Africa.

South Africans may have had their data depleted by a rogue weather app on Android phones that reportedly stole personal information, tried to sign users up to premium services, and pretended to be people clicking on ads.

The app, known as "Weather-Simple weather forecast", came pre-installed on some Alcatel phones and was downloaded more than 10 million times.

For at least several weeks in July and August 2018, security researchers say, the app used a range of techniques to defraud users, with its activity detected in Brazil, Malaysia, Nigeria, Egypt, Kuwait, Tunisia, and South Africa.

It was removed from the Google Play Store this month.

It is not clear how many South African users were affected, or how much data may have been stolen.

Technology company Upstream reported that its Secure-D platform, which helps mobile operators prevent fraud, blocked transaction attempts in South Africa.

Secure-D first detected the issue when an unusually high number of Alcatel Pixi 4 and A3 Max Android smartphones – models not widely available in South Africa – tried to initiate transactions in Brazil and Malaysia. The company says its investigations traced the attempts to the software package from TCL Corporation, a Chinese tech company that makes Alcatel and BlackBerry phones.

Secure-D reached out to users, many of whom complained that their devices were overheating and that they had unexplained charges to their accounts. When the company tested some of their devices in a lab setting, it found that the weather app was sending personal information to servers in China, trying to bill customers for premium services, and interacting with ads.

"We recorded 50MB to 250MB of data per day being consumed by the application’s unwanted activity," says Secure-D in its report on the investigation.

The data was used invisibly in the background as the app clicked buttons on advertising sites.

TCL told the Wall Street Journal, which first reported on Secure-D's findings, that it was evaluating security consultants to validate the safety of its apps.   

See the full report from Upstream systems: Secure-D uncovers pre-installed suspicious application on Alcatel Android smartphones manufactured by TCL
