You are here: Home » Companies » News
Business Standard

Google detects app that can steal your photos and Facebook, WhatsApp data

Tizi steals sensitive data from social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, Telegram

Press Trust of India  |  New Delhi 

google, google logo

has detected an app 'Tizi', which has been stealing information from call records and also from apps like Facebook, WhatsApp, and also take pictures from mobile phones without even displaying them on the screen of the device.

"is a fully featured backdoor that installs spyware to steal sensitive data from popular applications. The Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities," a post on security blog said.

The company has removed the app from Play Store, notified all known affected devices and suspended the account of the app developer, the post dated November 27 said.

The post said that earlier variant of did not have rooting capabilities but it developed later on and thereafter started stealing sensitive information from devices.

"The rooting capabilities give an app full control of the device. It can bypass all restriction posted on it by the security system. An app with rooting is like a user using the device. Presence of such app on Play Store raises concerns about secure apps on the app store," cybersecurity expert Jiten Jain said.

The post said that after gaining rooting capability, steals sensitive data "from popular apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and "

The backdoor capability of was common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype, sending and receiving SMS messages, and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps

"apps can also record ambient audio and take pictures without displaying the image on the device's screen," the post said.

The post said that in and after April 2016 vulnerabilities in devices which could have been affected by were fixed with new software codes.

"If a app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls," the post said.

First Published: Wed, November 29 2017. 21:56 IST