Android fans need to be aware of a shocking security study which looks at a popular Google Play Store app that has been downloaded millions of times. VivaVideo describes itself as a ‘Pro Video Editor and Free Video Maker app’ on the Google Play Store, with the Android app being installed over 100million times and receiving over 12million reviews with an average 4.4 rating. However, security experts Upstream Systems have taken a closer look at the app and found something that may shock its millions of Android fans around the world.
Upstream Systems say their Secure-D platform identified over 20million “fraudulent transaction attempts” from VivaVideo since early 2019.
They added that these transactions could have resulted in $27million (over £20million) in fake charges for users of the Android app.
Upstream Systems said these “fraudulent” transactions came from VivaVideo users being signed up in secret to premium subscription plans.
The VivaVideo app allegedly sent invisible ads to users in an attempt to get them to sign up to these paid-for plans.
Upstream Systems said their Secure-D platform has managed to block over 20million suspicious transactions from the VivaVideo app.
They added that suspicious activity was detected in 19 countries, including the UK. Brazil was the heaviest-hit region, with over 11.5million dubious transaction attempts.
Express.co.uk has contacted VivaVideo for comment.
In their study online, Upstream Systems said: “Upstream’s mobile security platform Secure-D identified that a popular Android app was responsible for over 20 million fraudulent transaction attempts that could have resulted in $27 million in fake charges for users. The VivaVideo app has been initiating premium subscription attempts, delivering invisible ads to users while avoiding detection by users.”
Besides trying to secretly sign users up to paid-for subscriptions, Upstream Systems said they discovered evidence of VivaVideo requiring unnecessary user permissions and containing a known ad fraud SDK (software development kit) that is banned by Google.
Upstream Systems went on to say: “Unless prevented by Secure-D platform, VivaVideo could have continued feeding on unsuspecting customers’ prepaid airtime, mobile data and ultimately money.
“During the monitored period, Secure-D blocked over 20 million suspicious mobile transaction requests, originating from over one million infected devices across 19 countries, with VivaVideo installed.
“If not blocked by Secure-D, every transaction attempt could have triggered premium services purchase, costing users in 19 countries over $27 million in unwanted charges.
“The actual fraud figure may be even higher as this estimate is based on Secure-D analysis and deployments on a small sample of total Internet traffic.”
The security experts also told Forbes that different versions of the VivaVideo app pose different levels of threat to a user.
The most recent builds of VivaVideo have removed its most dangerous modules, but allegedly still use suspicious techniques to hide from security researchers.
Upstream Systems added: “If you have VivaVideo installed on your device, head to the Google Play store and update it to the latest version.
“To avoid getting played by predatory apps, Android users should always install apps from Google Play only and avoid any unverified marketplaces or direct links.
“However, mobile apps coming from legitimate sources can be compromised too. Before installing anything new on your device, be sure to: Check the app reviews on the marketplace and around the web.
“Review developer details and assess their credibility.
“Read the list of requested permissions and verify that all of them are actually needed for the app to work.”