Symantec warns against Android game Tap Snake

Security software company Symantec has warned of a seemingly harmless Android gaming app that allows users to be tracked in real time using their GPS data.

The free Android game Tap Snake is billed as “another modification of the Google Android Snake game”. Behind the scenes, however, the app records the user’s GPS coordinates every 15 minutes and uploads them to a server that can be accessed by another paid spy app called GPS Spy.

“GPS Spy then downloads the data and uses this service to conveniently display it as location points in Google Maps,” the Symantec advisory warns. “It can give quite a surprising insight into where someone wearing the phone has been.”

In its description of GPS Spy, which costs $ 4.99 to download, the manufacturer Maxicom even goes so far as to openly ask users to download Tap Snake on the phone they want to track, although the Tap Snake download page itself makes no mention of the hidden app. agenda.

“Download and install the free Tap Snake game from the Market on the phone you want to spy on. Press MENU and register the Snake with the service,” Maxicom orders. “Use the GPS Spy app on your phone with the same email / code to track the location of the other phone. Displays the last 24 hour track in 15 minute increments; data is retained for one week. “

According to Symantec, Tap Snake has been downloaded 1,000 to 5,000 times, while GPS Spy has been downloaded 100 to 500 times.

Although Symantec has called the app malicious for concealing its hidden features, the majority of consumers who have downloaded Tap Snake shouldn’t be concerned. In order for a phone to be tracked, the attacker would need physical access to the handset in question to copy the code provided by Maxicom when installing the app, which then needs to be entered into GPS Spy.

Additionally, Android notifies users of the features on their phone that an installed app wants to access, which theoretically makes it easy to spot when an app isn’t what it appears to be.

The Symantec advisory marks the second time in a week that the security of Android software has been called into question. Last week, another software maker, Kaspersky Labs, identified an SMS Trojan for the open source operating system that was found to send messages from infected mobiles to toll numbers.