Is “Remove China Apps” application safe to use?

Is “Remove China Apps” application safe to use?

Recent days, I am seeing many people sharing about a mobile application that detects China Apps and remove them.

OneTouch labs claims ownership for this application says that this is built only for educational purpose.

OneTouch Labs Privacy Statement:

This application is being developed for educational purposes only to identify the country of origin of a certain application(s), we do not promote or force people to uninstall any of the application(s).

Detecting the country of origin is based on the market research but we do not guarantee for any correct/wrong information, so users should act only at their own will.

Vulnerability Analysis:

Since we see millions of people installing this app opposing Chinese applications installed on their devices.

Hence decided to test the vulnerability of this application and found multiple vulnerabilities

“Remove China Apps” application is vulnerable to known Exploits

CVE-2018-3987 – CVSS 3.0 Score 5.5

When a file gets deleted using file.delete(), only the reference is being deleted which leaves it vulnerable to recovery in future. An attacker can easily recover all the deleted files, especially from rooted devices

CVE-2017-16835 – CVSS 3.0 Score 7.5

Attacker or anyone can easily access the backups of any sensitive data on android devices through ADB backup utility

CVE-2018-6599 – CVSS 3.0 Score 5.5

Attackers can obtain any information such as text message content by reading a copy of the Android log on the SD card.

CVE-2015-6630 – CVSS 2.0 Score 4.3

App is not protected against the screenshot captures and screen sharing, exposes the users to leakage of their information and lack of screen blurring which also data leakage

And found few more low-level vulnerabilities which are letting the application to run on rooted devices & emulator and insecure data storage

Suggestion:

We should not risk ourselves by installing another vulnerable third-party App which could leak our sensitive data

If our intention is to remove Chinese Apps, we can look-up the apps installed in our Mobile devices using basic google search and remove them manually if they belong China or any region which we are not interested in.

References:

Quixxi Vulnerability Report
https://cve.mitre.org/

 

by
Prabhakaran CP

Share

Leave your comments here...

Recent posts

How to Enable or remove Two Way Authentication for Azure portal

How to Enable or remove Two Way Authentication for Azure portal

  • 19 June, 2021
CORE JAVA TRAINING (LATEST VERSION)

CORE JAVA TRAINING (LATEST VERSION)

  • 29 October, 2020
Angular 10 Project In Azure DevOps CI/CD With Azure Repos or GitHub And Hosting In Azure App Service – Part Three

Angular 10 Project In Azure DevOps CI/CD With Azure Repos or GitHub And Hosting In Azure App Service – Part…

  • 29 October, 2020
Angular 10 Project In Azure DevOps CI/CD With Azure Repos and Hosting In Azure App Service – Part Two

Angular 10 Project In Azure DevOps CI/CD With Azure Repos and Hosting In Azure App Service – Part Two

  • 6 August, 2020
Angular 10 Project In Azure DevOps CI/CD With Azure Repos and Hosting In Azure App Service – Part One

Angular 10 Project In Azure DevOps CI/CD With Azure Repos and Hosting In Azure App Service – Part One

  • 6 August, 2020
Is “Remove China Apps” application safe to use?

Is “Remove China Apps” application safe to use?

  • 13 May, 2020
Angular 9 and Typescript with Azure Devops CI/CD Online Live Training

Angular 9 and Typescript with Azure Devops CI/CD Online Live Training

  • 13 May, 2020
Wildfly and Eclipse IDE Setup

Wildfly and Eclipse IDE Setup

  • 1 January, 2020
H2 Database Setup

H2 Database Setup

  • 1 January, 2020
Hibernate Demo – Learn Hibernate in One Demo

Hibernate Demo – Learn Hibernate in One Demo

  • 1 January, 2020