When you download a beauty camera app, you’re probably expecting it to add a makeup or cartoon filter on your face for more interesting selfies, or just to clean up some lower-quality pictures you took. What you are not expecting is these apps to scrape and sell your data, plague you with nonstop, malicious ads, redirect you to phishing websites, or even spy on you.
But that’s exactly what some of the top beauty camera apps have been found guilty of doing. The CyberNews team has tested some of the top beauty camera apps available in the Google Play Store and came up with a list of 30 of those apps that flaunt the rules and infest smartphones with all sorts of privacy and security breaches.
Those 30 apps have been downloaded a total of 1.4 billion times over the years. Some of these apps have different names but have been created by a small number of app developers. Some have already been flagged by antivirus companies for sending users pornographic content, redirecting them to phishing sites, and collecting their pictures.
One of the camera apps in the list, Beauty Camera by Phila AppStore, even used the camera resources on the smartphone without asking for permission. Other permission that weren't needed for the software to function were scanning contacts list, access to GPS location, using the device's microphone.
The team searched on Google Play with the keyword “beauty camera” and checked the trustability of these apps, based on the amount of dangerous permissions they’re asking for, the location of the app developers and any history of malware, spyware, vulnerabilities, or unethical practices.
The top-ranked app developer Meitu, with more than 300 million installs, had apps identified as malware, violating Google’s ad policies, or secretly collecting data with the purpose of selling it, according to reports on CNET and other publications.
App developers can make lots of money by selling this your data to advertisers. Location-sharing agreements between app developers and app brokers – where apps can send your GPS coordinates up to 14,000 times per day – can bring in a lot of revenue. With just 1,000 users, app developers can get $4/month. If they have 1 million active users, they can get $4,000/month. And that’s from just one broker. If they work with two app brokers with similar payouts, and have at least 10 million active monthly users, they could stand to make $80,000/month. With more dangerous permissions given by the user, they will get more sensitive data, which means they’ll make more money.
Even seemingly different companies sometimes seem to be offering similar application types: camera, music, flashlight and weather apps. And while they have different names, these apps from different developers all have the same privacy policies stored in the same Internet domain. This lead the CyberNews group to conclude that app developers Coocent, KX Camera Team and Dreams Room are all from the same group and they are based somewhere in China.
The privacy group warns that these are non-essential apps and recommend caution when deciding whether or not to download those apps, reminding that the top-ranked apps are created by developers with spotty reputations, outright malicious behavior, or using unethical practices.