18,000 Android apps contain malicious code that Steals SMS messages

Android logoA Chinese mobile advertising platform is distributing a malicious SDK (Software Development Kit) that helps developers implement in-app purchases (IAPs) for Android apps. This SDK secretly steals all SMS messages that arrive on infected phones.

The SDK is being offered as a free download by Chinese company Taomike, and can be used to allow Android developers to create mobile apps that provide in-app purchases via SMS messages.

According to Palo Alto Networks, the security vendor that discovered the SDK, only recent versions of the SDK seem to contain the SMS stealing functionality. This version was released in August 2015.

Right now, Palo Alto has detected over 63,000 Android apps containing the Taomike SDK, but only 18,000 include the recent malicious version of the SDK.

18,000 Android apps contain malicious code that Steals SMS messages

The developers of these apps are unaware that the library they used to power IAPs is actually stealing SMS messages (text body and sender number) and then uploading them to one of Toamike's servers, more specifically to

As Palo Alto staff explains, only this URL is responsible for gathering SMS messages. Tying the URL to Toamike was easy because it was also used to host other API functions.

All affected apps seem to be created only by Chinese developers, and none of them seems to be distributed via Google's official Play Store.

At the moment, Palo Alto has not been able to determine from their analysis what Taomike is using the stolen SMS messages for.

This revelation comes just two days after Apple banned 256 apps from the App Store for including a similar "malicious" API, which was collecting private information from iOS users. This violated Apple's privacy and security policy.

Just like in this case, the API belonged to a Chinese advertising company. The company's name was Youmi.

Source: Softpedia

Tags: Android, security

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

GTX 1050 should hit 60FPS @ 1080p with no external power required
Samsung might be planning to ditch its smartphone strategy
Qualcomm also reveals three new midrange Snapdragon processors
Next-year's iPhone could represent a complete overhaul
New MacBook Pros and Airs expected, 11-inch Air could be retired
The iPhone 7 family of phones is selling better than that of the iPhone 6s
Intel reported a 9.1% rise in quarterly revenue
A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments