Google has pulled a battery monitoring app from its app store after security researchers discovered that hackers could have used it to send malicious text messages.
The Register reports that Google accepted the BatteryBot Pro app onto the Google Play Store, meaning that Android users were able to download and use the app. But researchers from Zscaler Research looked into the app and found some worrying things happening in the background.
The app asked for full permission to manage a smartphone, which a normal battery monitor app doesn't need.
Researchers dug into the free app's files and found that the BatteryBot Pro app could have been used to hijack a smartphone and send text messages. When users tried to check their battery level (which is what the app is meant to do) it sent premium rate text messages, charging the bill to the user.
Google provided this statement to Business Insider about the app:
While we don’t comment on specific apps, we can confirm that our policies are designed to provide a great experience for users and developers. That’s why we remove apps from Google Play that violate those policies.
Here's what researchers found when they dug into the app's source code. It asks for permission to send text messages, make calls, and download files in the background:
It also secretly downloaded other pieces of malicious software in the background, and was able to do so because users had given it full permission to access their smartphones.
The battery app even managed to stop users deleting it. Zscaler Research says that the app made it impossible to uninstall. And even if a user did manage to get the app off their phone, it secretly downloaded more software in the background.
Google has now removed the app from its Android app store, according to The Register.
On February 28, Axel Springer, Business Insider's parent company, joined 31 other media groups and filed a $2.3 billion suit against Google in Dutch court, alleging losses suffered due to the company's advertising practices.
