Free download link of AND-401 practice exam and Dumps files

killexams.com sample test are the must for transferring the Android AND-401 exam. We all have gathered true test AND-401 questions, which usually are updated along with especially replica through the real exam, plus checked by sector specialists. Those men and women who do not really have time to get you to research AND-401 ebooks, just sign up and download quickest AND-401 Latest Questions and get searching forward to examination.

Exam Code: AND-401 Practice test 2022 by Killexams.com team
AND-401 Android Application Development

EXIN Agile Scrum Foundation offers professionals a unique certification that combines agile principles and scrum practices. The test tests candidates on their understanding of key concepts and their application.

Main subjects
Agile Way of Thinking
Scrum practices
Scrum Planning and Estimation
Monitoring Scrum Projects
Advanced Scrum Concepts

Agile Scrum Foundation is designed to test a professionals fundamental understanding of agile principles and scrum methodology. It is especially useful for those leading or participating in projects. This certification is especially interesting for professionals who work in areas including project management, software development, IT service management and business management.

Android Application Development
Android Application education
Killexams : Android Application education - BingNews https://killexams.com/pass4sure/exam-detail/AND-401 Search results Killexams : Android Application education - BingNews https://killexams.com/pass4sure/exam-detail/AND-401 https://killexams.com/exam_list/Android Killexams : Urgent warning as 300,000 Android owners infected by dangerous app – and it’s bad news if you have Facebook

FACEBOOK users have been warned about a login stealing hack that's thought to have affected more than 300,000 Android users.

A dodgy trojan called Schoolyard Bully was found lurking in a number of apps available on the Google Play Store as well as third party app stores, according to experts at Zimperium zLabs.

This isn't any ordinary Facebook login screen...

1

This isn't any ordinary Facebook login screen...Credit: Zimperium

The apps are usually disguised as innocent tools related to education.

But actually they try to get hold of your Facebook login details.

Unsuspecting victims can find their email address, phone number, password, ID and name stolen as a result.

They pull it off by using a Facebook login feature within their apps.

Fortunately, Google has now removed the apps caught doing it.

Most of the victims were located in Vietnam.

That's because the apps are all in Vietnamese, so you need not worry unless you've downloaded an app in the language recently.

Experts believe more than 300,000 devices were caught out from across 71 countries.

"The actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores," Zimperium zLabs said.

Most read in Phones & Gadgets

"To ensure your Android users are protected from the trojan malware, we recommend a quick risk assessment."

A Google spokesperson told The Sun: “The apps identified have been removed from Google Play.

“We take security and privacy seriously, and when we find apps that violate our policies, we take action.”

It's worth doing a quick scan with any antivirus protection apps you have.

There's also Google's free Google Play Protect which alerts you to any dodgy apps that you've downloaded.

Here's what Google Play protect does...

  • Checks Google Play store apps for safety before download
  • Checks for non-Play store apps that may be harmful
  • Warns you about harmful apps
  • Deactivates or removes harmful apps
  • Warns you about apps that violate policy by hiding or misrepresenting themselves
  • Sends you privacy alerts about apps that can use permissions to access your personal data
  • Reset app permissions to protect your privacy

Of course, Google's protection feature might not catch all instances of bad behaviour – so you still need to be careful online.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...



We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk


Mon, 05 Dec 2022 02:30:00 -0600 Jamie Harris en-gb text/html https://www.thesun.co.uk/tech/20658410/android-warning-app-stealing-facebook-login/
Killexams : The 6 Best Smartphone Apps for Children With Autism © Provided by MUO

The Google Play Store is flooded with apps for children to enjoy, but many are designed for entertainment and early learning. There is an underserved population of children, though, that has another set of needs: children with autism.

For the parents of these children (and I am one of them), it can be a struggle finding digital resources to help your children learn about the complex world around them. So we’ve selected some of the best Android or iPhone apps you can use below.

Apps for Communication (AAC)

For some children on the spectrum, communication can be a difficult process, but there are still ways they can build familiarity with words and when to use them. One way is with AAC: Augmentative and Alternative Communication. Those children with language production or comprehension issues can use AAC to replace or help verbally communicating with others.

1. Card Talk

Close

This app allows a child to build a “deck” of 200 flashcards with words, then play their audio in the order they’re chosen. There are several word groups at the bottom—including actions and questions—and word choices in the middle. A child selects three cards to build simplified sentences for everyday communication, and there are helpful pictures for each card to make card selection even easier for children learning how to read.

Other features you should find useful are support for other languages, creating cards using pictures taken from the device, and absolutely no ads to distract your child.

There are some limitations to what Card Talk offers, though. Since the interface is restricted to using three cards at a time, your child would be limited in what they can communicate. If their thoughts require more than three cards, they would have to swap out cards regularly to get more complex ideas across.

Also, even though there are several language options to choose from, each language is limited to the same voice. There are no options for different pitches, speeds, or accents, so you’ll have to settle for the stock voice that is available for each language.

Download: Card Talk for Android | iOS (Free)

2. Leeloo AAC

Close

While Card Talk focuses on simple word tiles to communicate, Leeloo AAC focuses on simple one-word cards that take you to scripted sentences. The beauty of this app is how simple it starts, but each card expands to more specific sentences. Your child can choose the word “toilet” and receive seven related statements and questions, such as “Can you help me go to the toilet?” or “Can you help me clean?”

There are gorgeous symbols for each of the cards as well, with a much more cohesive style than that of Card Talk’s pictures. This app also provides male and female voices with UK, US, and Indian accents. This way, your child may feel more ownership over what they’re trying to say, instead of feeling like the app is speaking for them.

One drawback, though, is that there is only one speed for all voices, and it might be too fast for some, requiring a child to repeatedly press the word or conversation buttons. Another feature that could be seen as an issue is that the app speaks during menu navigation, so there could be some confusion for the listener. For example, if a child wants to know when they’re going to bed, they first play the word “Sleep,” then the question “When am I going to sleep?”

Download: Leeloo AAC for Android | iOS (Free, in-app purchases available)

Apps for Fine Motor Skills

Children on the spectrum may also require therapy for fine motor skills. They may have difficulty using a writing utensil or tying their shoes as a result. Luckily, there are activities they can do in school and at home to practice these skills. There is a limited amount of apps specific to this activity, but here are the best options.

3. Train Your Brain. Coordination

Close

Don’t let the company name, Senior Games, fool you; this is an app that caters to players of all ages. This app has six mini-games to choose from, which include 30 levels each. The games involve timing, balancing the phone angle, spatial awareness, and patience. They are fairly simple, with minimalist yet attractive graphics, so children and adults will be able to enjoy them.

The Path with Obstacles game is considerably challenging, since it involves moving a ball through an obstacle course using nothing but the phone’s gyro sensor. This is a great option for parents to use as part of a reward system or for breaks between learning activities.

The one issue that many users have with this app, though, is its constant ads, which seem to pop up in full screen between every level or game. These ads lead to apps unrelated to Train Your Brain, and this means it shouldn’t be used without parent supervision. One quick tap could bring your child to an app that you may find unsuitable for them. Though the price to remove apps is a reasonable $3.00, this can still be a real turn-off.

Download: Train Your Brain for Android | iOS (Free, premium version available)

4. Khan Academy Kids

This app may be more similar to academic learning with its free courses, but the included activities provide much more than that. Children are able to practice tracing letters, connecting pairs by drawing lines, collecting moving insects, and even dropping and picking up bath toys from a tub. These activities scale depending on your child’s age, and they’re able to retrace their steps and choose an activity they’ve completed before if they like.

The only downside to this app is that it’s not specific to children with autism, and its focus on motor skills is minimal compared to what it offers for primary-school education. Because of its broad scope of activities, it’s also harder to focus on activities for fine motor skills, and children are able to bounce around the app without supervision. Though it offers quite a package for a free resource, fine motor skills are not directly addressed.

Download: Khan Academy Kids for Android | iOS (Free)

Apps for Social-Emotional Learning

There are several social challenges for children on the spectrum—regulating emotions, understanding social cues, and executive functions, to name a few—but, with routine therapy and accommodations in the classroom, these children can learn to thrive in social situations. There are exceptional apps that can help focus on these social-emotional skills.

5. Otsimo | Special Education

Close

This is an all-in-one suite of applications—from cognitive-skill games to a built-in AAC! Otsimo has much to offer children and parents, and is backed by ABA (Applied Behavior Analysis) standards. This app provides a “learning path” similar to other educational programs, but it focuses on skills needing reinforcement for children with learning or developmental impairments.

The activities and focuses change depending on a child’s progress through that path. If a child is not only on the spectrum but challenged by other related disorders, such as ADD, the activities can help children address those together.

Though the app is free to download, a hefty subscription is needed to enjoy all its features. Luckily there are multiple subscription models if you find the free app lacking.

Download: Otsimo for Android | iOS (Free, subscription available)

6. AutiSpark

Autispark includes over 200 learning games for children, including games to enrich emotional understanding, sound recognition, and learning yes and no. There is also an option to include worksheets for offline fun, in case your child needs a break from technology or you want them to experience more diversity between activities.

This app has technical backing from therapists and special educators, so you can feel assured that the cognitive- and motor-skills activities will benefit their child.

Access to all these tools, however, is also behind a subscription paywall. There is just one subscription model, too: $59.99 for a year. This may be a steep price to pay for some families, and the free trial might not be enough to gauge whether this app is right for a child.

Download: AutiSpark for Android | iOS (Free, subscription available)

Which App Is Right for Your Child?

In order for your child to develop, they need the right tools, and support from any of these apps will be beneficial. A subscription-based app might be a great resource for your child, but options like Khan Academy Kids might offer all they’ll really need for free. If paying a subscription isn’t an issue, though, the ABA-backed Otsimo might be the best option, since it provides such a robust list of activities and programs.

Thu, 01 Dec 2022 08:00:16 -0600 en-US text/html https://www.msn.com/en-us/news/technology/the-6-best-smartphone-apps-for-children-with-autism/ar-AA14NvxF
Killexams : Retention rates on Android drop 10% while iOS holds steady

Global Android day 30 retention rates have fallen a whopping 10% while iOS rates remained unchanged in Q3 2022, according to a report from AppsFlyer. Retention rates are an important measurement for app loyalty and usage and help developers to optimise and monetise their apps. 

Android retention sees continued decline

Android day 1-30 retention rates continue to decline for the third year in a row, according to the report. The average day 14 rate was just 4.3% in Q3, down 6.5% from last year. 

The sharp rise to 10% for day 30 retention rates could be a result of the growing competition in the Android ecosystem which drives users to get and try new apps. 

Meanwhile, iOS retention rates have been more stable since 2020 with the average day 14 rate being 6.7% in Q3 2022, down just 1.5% from the previous year. 

Day to Day 30 retention rates on Android

Source: AppsFlyer

News and Business app retention rises

The app category with the highest growth in day 30 retention was News with 11.3% as users continue to return to these apps to follow global developments. Business retention jumped 10.9% while Health and Fitness rose 15.6%, Music grew 8.6%, and Education climbed 15.6% between Q3 2020 and 2022.

The categories with the most rapid declines included Photography (-31.8%), Finance (-23.3%), Gaming (-20%), Productivity (-20%), Entertainment (-16.7%), Social (-15.2%), Shopping (-12.3%) and Travel (-11.8%).

Changes in retention rates by app category

Source: AppsFlyer

The country with the highest day 30 retention rate was Japan at 5.1% while China lagged behind at 1.3%.

Key takeaways

  • Android Day 30 retention rates fell 10% while iOS rates remained unchanged in Q3 2022
  • The average day 14 rate was just 4.3% in Q3, down 6.5% from last year
  • iOS retention rates were stable with the average day 14 rate being 6.7% in Q3 2022
Mon, 28 Nov 2022 02:07:00 -0600 en text/html https://www.businessofapps.com/news/retention-rates-on-android-drop-10-while-ios-holds-steady/
Killexams : Microsoft Teams brings one of its niftiest features to the Android app © Provided by Android Police

The pandemic propelled various video conferencing tools to the mainstream, putting Zoom, Google Meet, and Microsoft Teams at the forefront. With a strong hold on the enterprise and education markets, Microsoft Teams is a popular communication app among companies and schools. Much like Google Meet, Microsoft’s alternative also packs a lot of smarts, including live transcription, which is now making its way to the Microsoft Teams app for Android.

Transcription itself isn’t new to Microsoft Teams. Its web and desktop apps have had the feature since last year. While that covers most office goers who usually rely on laptops to attend video calls, it left a large chunk of mobile users in the lurch — until now. As announced by Microsoft, transcription for calls is finally coming to Microsoft Team’s Android app, which has over 100 million installs on the Play Store.

During an ongoing meeting, you can go to "More actions" to start or stop live transcription for the speakers. The new option is available for both one-to-one and group chats. Microsoft says the transcript will automatically start appearing in the meeting chat with appropriate speaker labels. However, you can also access the entire transcript after the meeting has ended through the "Files" section of the app.

Live transcription is one of the handiest features for any video conferencing tool that saves you from taking meeting notes manually while keeping pace with the speaker. Students can use it to keep a copy of their lectures and revisit anything they probably missed during class. On Google’s side, you get a similar feature with Google Meet, and even the Google Recorder app for Pixels does an excellent job of transcribing while you record.

Besides this new feature, Microsoft is also bringing instant polls during calls, schedule send for messages, and improved web experience to Teams with this big update.

Thu, 01 Dec 2022 04:55:00 -0600 en-US text/html https://www.msn.com/en-us/news/technology/microsoft-teams-brings-one-of-its-niftiest-features-to-the-android-app/ar-AA14MeXO
Killexams : Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.

Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.

The apps, which were available for get from the official Google Play Store, have now been taken down. That said, they still continue to be available on third-party app stores.

"This trojan uses JavaScript injection to steal the Facebook credentials," Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant said in a report shared with The Hacker News.

It achieves this by launching Facebook's login page in a WebView, which also embeds within it malicious JavasCript code to exfiltrate the user's phone number, email address, and password to a configured command-and-control (C2) server.

The Schoolyard Bully Trojan further makes use of native libraries such as "libabc.so" so as to avoid detection by antivirus solutions.

While the malware singles out Vietnamese language applications, it has also been discovered in several other apps available in over 70 countries, underscoring the scale of the attacks.

The findings come more than a year after Zimperium unearthed similar activity aimed at compromising Facebook accounts through rogue Android apps as part of a campaign codenamed FlyTrap.

"Attackers can cause a lot of havoc by stealing Facebook passwords," Richard Melick, director of mobile threat intelligence at Zimperium, said. "If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information."

"It's also very concerning how many people reuse the same passwords. If an attacker steals someone's Facebook password, there's a high probability that same email and password will work with banking or financial apps, corporate accounts and so much more."


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Wed, 30 Nov 2022 21:24:00 -0600 en text/html https://thehackernews.com/2022/12/schoolyard-bully-trojan-apps-stole.html
Killexams : Android malware campaign steals Facebook accounts, victimizes 300,000 users

A red malicious-looking version of the Android mascot

An Android threat campaign using fraudulent studying and education apps to infect devices with a Trojan horse and steal Facebook credentials has recently been discovered.

According to a report by cybersecurity firm Zimperium, the campaign has been active since 2018 and primarily targeting Vietnamese readers. The Trojan, which they named "Schoolyard Bully," has been found in various applications that were downloaded from the Google Play Store and third-party app stores.

Screenshot of malicious app
One of the malicious studying apps (left) and the Facebook login screen (right) | via Zimperium

These apps pretend to be educational applications with a wide range of books and courses for users to allegedly read. However, the apps' true goal is to steal information, such as:

  • Name on Facebook profile
  • Facebook ID
  • Facebook email/phone number
  • Facebook password
  • Device name
  • Device API
  • Device RAM

The Trojan steals these data by opening a legitimate Facebook login page inside the app and injecting malicious JavaScript code to obtain the user inputs. The malware can even evade antivirus programs and machine learning virus detections.

According to Zimperium, the threat campaign has victimized at least 300,000 users across 71 countries. However, the exact number of countries could be underreported because the applications are still being found in third-party app stores.

Zimperium pointed out the significant effect of the campaign:

Facebook reaches nearly 2.96 billion monthly users and continues to be the number one social media platform. As attackers leverage the Schoolyard Bully Trojan to gain unauthorized access to credentials, they have far more success accessing financial accounts. Nearly 64% of individuals use the same password that was exposed in a previous breach. With the percentage of users recycling passwords, it is no surprise the Schoolyard Bully Trojan has been active for years.

To protect your device from potentially malicious applications, always check an app's reviews. Make sure as well that your antivirus software is updated. Finally, carefully assess the permissions requested by apps. If an app is asking for a permission that is irrelevant to the program's function, it could be malicious.

Source: Zimperium

Thu, 01 Dec 2022 18:20:00 -0600 Justin Luna en text/html https://www.neowin.net/news/android-malware-campaign-steals-facebook-accounts-victimizes-300000-users/
Killexams : Zimperium uncovers Android trojan masquerading as studying and education app

Zimperium, a mobile security firm, is warning of an Android trojan masquerading as studying and education apps that may have stolen Facebook credentials from at least 300,000 users across 71 countries, primarily in Vietnam, since 2018.

Zimperium has named the malware Schoolyard Bully Trojan, and it has been delivered via innocent-looking Android applications hosted on Google Play and various third-party app stores. Despite the fact that Google has removed the malware from its official app store, the malicious applications can still be found on other websites.

It also uses JavaScript injections to display phishing pages designed to trick users into providing their Facebook username and password, which is its primary goal.

The trojan steals these details by using WebView to open a legitimate Facebook login page inside the app and injecting malicious JavaScript to extract the user inputs. The Schoolyard Bully trojan primarily targets Vietnamese language applications, but it has been discovered in 71 countries so far, demonstrating the campaign’s global reach. However, because applications are still being found in third-party app stores, the actual number of countries where Schoolyard Bully is active could be even higher and continue to grow.

The malware hides from the majority of antivirus and machine learning virus detections by using native libraries, and it stores command and control data in a native library called libabc.so. The data is further encoded in order to conceal all of the strings from detection mechanisms.

The sources for this piece include an article in BleepingComputer.

Fri, 02 Dec 2022 01:45:00 -0600 en-US text/html https://www.itworldcanada.com/post/zimperium-uncovers-android-trojan-masquerading-as-reading-and-education-app
Killexams : These apps and devices will help relieve your holiday stress

azcentral.com cannot provide a good user experience to your browser. To use this site and continue to benefit from our journalism and site features, please upgrade to the latest version of Chrome, Edge, Firefox or Safari.

Tue, 06 Dec 2022 02:25:00 -0600 en-US text/html https://www.azcentral.com/story/tech/columnist/2022/12/06/holiday-stress-apps-gadgets/10843515002/
Killexams : Best Budgeting Apps Of December 2022

Creating and managing a successful monthly budget is all about knowing how much money you bring in and how you actually spend it. So the two key parts of any standard budget are your income and expenses.

Begin by calculating your total monthly income, including your salary, wages, tips, interest, child support, alimony and any passive income. Then list your essential monthly expenses. This could include costs like housing, insurance, utilities, bank fees and minimum credit card payments.

Next, list nonessential expenses, such as monthly subscriptions, streaming services, your average dining and entertainment costs and anything else you regularly spend money on but could live without. Look to past credit card and bank statements to ensure you’re not missing anything. Add your necessary expenses to your nonessential expenses to determine your total monthly expenses.

Is your income greater than your expenses? If so, that’s a great start. But if your balance isn’t where you want it to be, it’s time to create a budget. Understanding your goals will help you choose the best budgeting app for your needs.

Why Is Budgeting Important?

With more than half of Americans living paycheck to paycheck, according to multiple surveys, budgeting is critical to helping people break free from financial struggle and create financial stability. The U.S. has seen a rapid escalation in housing and health care costs over the last 30 years, leaving less money to put toward savings and retirement.

Having no financial plan or budget in place can cause stress and overwhelm you, leading to increased spending, living beyond one’s means and perpetuating destructive cycles. But having a solid budget in place as part of your overall money mindfulness can make a huge difference—not only by helping you achieve your financial goals but also by reducing stress and anxiety and improving your overall quality of life.

Related: Best Savings Accounts 2022

Thu, 01 Dec 2022 22:40:00 -0600 Daphne Foreman en-US text/html https://www.forbes.com/advisor/banking/best-budgeting-apps/
Killexams : Lookout Discovers Hundreds of Predatory Loan Apps on Google Play and Apple App Store | Lookout

Researchers at Lookout Threat Lab have discovered close to 300 mobile loan applications on Google Play and the Apple App Store that exhibit predatory behavior such as exfiltrating excessive user data from mobile devices and harassing borrowers for repayment.

These apps, which were found in Southeast Asian and African countries, as well as India, Colombia, and Mexico, purportedly offer quick, fully-digital loan approvals with reasonable loan terms. In reality, they exploit victims’ desire for quick cash to ensnare borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages.

In addition to predatory requests for excessive permissions, many of the loan operators display scam-like actions. A number of users have reported that their loans come with hidden fees, high interest rates, and repayment terms that are much less favorable than what is posted on the app stores. We also found evidence that the data exfiltrated from devices are sometimes used to pressure for repayment, either by harassing the customers themselves or their contacts.

In total, we uncovered 251 Android apps on the Google Play store with over 15 million collective downloads. We also identified 35 apps on the Apple App Store that were in the top 100 finance apps in their regional stores. Lookout has been in contact with Google and Apple about these apps and at the time of publishing, none of them are available for download. 

Based on our analysis, there are likely dozens of independent operators involved, as we only found shared code bases between small batches of apps. With that said, all the apps have a very similar business model, which is to trick victims into unfair loan terms and threaten them to pay.

Customers of Lookout Mobile Endpoint Security and Lookout Personal Digital Safety are protected from these threats.

Select samples of apps with high installs from different countries. Top row are iOS apps, from left to right: Trycash, India; RupRup, India; LoanZone – online loan, India; CashG, the Philippines; Tunai Cepat – Pinjaman Online, Indonesia. Second row are Android apps, from left to right: FairKash, Kenya; Flash Rupee, India; Peranyo, the Philippines; AnyLoan, Nigeria, EastBay, Colombia.

High concentration of loan scams in developing countries

All the predatory loan apps were found in developing countries. Specifically, we identified apps targeting users in Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda. While we don’t have evidence of where the scam operators reside, it’s clear that these regions were identified to be lucrative.

Based on the low review scores of most of the apps, the loan operators don’t seem to be afraid of getting caught and find the reputation of the individual apps to be disposable. This may partially be the result of looser financial regulations or lack of enforcement. 

Another factor that these apps are found in developing countries may be the relative ease of access to mobile apps compared to traditional financial services, especially for those that have a lower income. In one instance reported by TechCrunch, a victim decided to use a loan app because their income doesn’t qualify them for a traditional loan. According to the World Bank, 1.4 billion people globally don’t have a bank account, while only 800 million don’t have access to a mobile phone. In the Philippines, for example, only 51% of the population has a bank account compared to 92% that has access to a mobile device.

The focus on developing countries may also explain why we found more loan scam apps on Android than on iOS. Outside the U.S. Android is much more popular, with more than 70% of the market, partly because of the availability of extremely low-cost Android devices.

Lookout discovered predatory loan apps in regional stores of nine countries: Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda.

How do loan scam apps work?

The loan scam apps on both Android and iOS rely on users to provide personal information as part of the loan application process. However, they also require the user to grant permissions to access information on the device that clearly go beyond what a typical loan application would require. 

Here’s a breakdown of the “modus operandi” of these predatory loan apps.

Filling out the loan application

The scam starts out quite innocuous, with the user downloading the app from Google Play or the App Store. They are then prompted to fill out an application, which asks for the applicant’s name, address, employment history, education, and banking information — all the typical data that a legitimate institution would request.

Most of the apps also ask for something that has become quite common: ID verification with a video selfie. While this is a process that many legitimate apps also use, we assess that the loan scam apps expose users to significantly higher risks. 

Most of the predatory loan apps request ID verification via a video selfie. The two screenshots on the left are from the Indian Android app Flash Rupee asking for the permanent account number (PAN) card and the Aadhaar ID card.

Requiring excess app permissions

In addition to the data that users voluntarily fill in as part of the application process, the apps also request an extensive list of device permissions, such as call logs, SMS, installed apps, photos, and contact lists — this last one is key to the harassment campaign that would come later.

Permissions are required by most of the predatory loan apps before the user can submit a loan application. The four screenshots on the left are Android permission requests by the Colombian app Eastbay. The screenshot on the right comes from the Indian iOS app CashG.

To coerce victims into providing these, the apps won’t allow the user to proceed if any of the requests are denied. The operators are actually quite forthcoming about what they ask for and itemize them in the terms and conditions. But upon closer examination, these polices don’t add up.

FairKash, an Android app that used to be on the Kenyan Google Play store, uses generic language in their privacy policies about how contacts, and SMS permissions would be used. For example, it claims that contact lists will only be used to “detect fraudulent loan applications and reduce credit risk.”

In our analysis of network traffic, we observe that many of the apps will begin exfiltrating contact information as soon as the permissions are given. On Android, some apps will also exfiltrate SMS. Contacts, phone history, and SMS messages are particularly desirable to the scam operators as they can be used to publicly shame the victims into repayment. These collection practices are described below.

We found that the iOS app CashG from the Philippines not only asks for permissions to access contact lists, but it is actively exfiltrating that data based on the network evidence we collected.

We found evidence that Colombian Android app EastBay actively exfiltrated SMS data once the user gives it access.

Bait and switch: predatory loan terms

Unlike other common scam schemes, the would-be victims do receive some amount of the loan they apply for — but with huge penalties. Large amounts of fees, as much as one third of the total amount borrowed, according to the New York Times, would be subtracted from the loan distribution. After that, exorbitant interest rates kicks in and the victim would be asked to repay within a matter of days.

Both the Apple App Store and Google Play Store platforms have specific guidelines on acceptable personal loan apps, including a maximum APR of 36% as well as a minimum loan repayment term of greater than 60 days. While all of the loan app listings we encountered are in compliance with app store policies — according to user reviews, social media posts, and reporting by journalists — the terms that are actually paid out are completely different.

Above is an excerpt of the loan terms for Trycash, an iOS app from India, that shows app store policy compliant loan terms that it claims to provide. Below is a user review claiming that they were only given eight days to repay a loan that had a large amount of processing fees.

Harass victims for repayment

Once the victim’s information is exfiltrated by the app and the loan is distributed, the collector then begins cycles of harassment. Sometimes the loan operator would wait until the repayment deadline has passed, but we’ve seen many complaints indicating that harassment occurs before payment is required. This is where the exfiltrated contact information comes in, where anyone, including those that the victim didn’t include in their loan application, would be contacted.

A common tactic is to disclose or threaten to disclose a borrower’s debt or other personal information to their networks of contacts, which often includes family members or friends.

Two Google Play reviews of Android app FlashRupee from India reveals that they were told to pay up even before their loan terms were up or else they would start harassing their phone contacts.

An App Store review for Trycash details harassment of their contacts when their loan was due.

Mobile convenience is a double-edged sword

Mobile apps are a convenient way to interact with businesses, including financial institutions. However, when entrusting them with sensitive personal information it is extremely important to establish that this information is handled responsibly and not used against the user. Some of our most personal data such as text messages, call logs, photos, and videos can be exposed simply by granting a permission requested by the app. Before giving up a permission, users should ask themselves if it makes sense that the permission is needed for the app’s purpose and if they trust the business behind the app with the requested data.

In recent months, certain jurisdictions have started to crack down on loan scams — including Google pulling 2,000 apps from the Indian Play store, which is encouraging. However, in these loan scam schemes, the app only plays the role of luring in the user and collecting information. By itself, the code of the app is not obviously malicious — it is the overall business model that scams the user. This makes the task of identifying these apps challenging and we will likely continue to see them appear globally.

How to protect yourself from loan scams

  • Only apply for loans from established institutions: Before taking out a loan, research the organization that you’re interacting with. Consider the organization’s history, reputation, and registration with relevant national regulatory agencies.
  • Scrutinize the app’s permission requests: Before granting any app permissions, ask yourself whether it actually needs those data to function, especially when they’re seeking access to location, SMS, contacts and files.
  • Install apps from official sources: While malware has at times slipped into official app stores, they do actively vet their apps for anything malicious or suspicious.
  • Read reviews for the apps: Reviews, whether positive or negative, can supply you insight into whether an app is safe for you to use.
  • Install dedicated mobile security: By having a dedicated mobile security solution like Lookout Mobile Endpoint Security for enterprises or Lookout Personal Digital Safety for individuals, you’ll be protected against the predatory apps we’ve uncovered along with other mobile threats.

*** This is a Security Bloggers Network syndicated blog from Lookout Blogs authored by Lookout Blogs. Read the original post at: https://resources2.lookout.com/blog/predatory-loan-apps

Wed, 30 Nov 2022 02:19:00 -0600 by Lookout Blogs on November 30, 2022 en-US text/html https://securityboulevard.com/2022/11/lookout-discovers-hundreds-of-predatory-loan-apps-on-google-play-and-apple-app-store-lookout/ AND-401 exam dump and training guide direct download
Training Exams List