VivaVideo And Other Apps With Over 157 Million Installs Spy On Users

While many people love to use video editing apps, little do they realize that not all of these apps are user-friendly. For instance, VivaVideo. Researchers have found that VivaVideo, together with other apps from the same developers, actually spy on users. They seek dangerous permissions and access data unnecessarily.

Developers Behind VivaVideo App Spy On Users

Researchers from VPNPro have shared a detailed blog post regarding their findings on some spyware apps. Specifically, they found that the developers behind VivaVideo and other related apps are spying on users. They came to these findings owing to numerous dubious factors.

Reportedly, team VPNPro noticed that the app VivaVideo, while justifiably asking for permission to read/write files to external drives, also asked permission to the users’ GPS location – something not really needed for a video editing app.

Presently, this app has over 100 million installations on Google Play Store.

Another suspicious thing about this app is its developers. On Play Store, the app shows QuVideo Inc. as its developers, who own two other apps as well. These include the VivaVideo PRO Video Editor app, and Slideshow Maker – SlidePlus.

However, on Apple’s App Store, the same developers, QuVideo Inc. have two more apps: Tempo – Music Video Maker app, and VivaCut – Pro Video Editor. These two apps are also available on Play Store but under separate developers. This shows the developers have deliberately tried to hide their identity with these two apps on Play Store.

Moreover, while all three QuVideo Inc. apps boast email addresses with the same domains (vivavideo.tv) and address. However, the other two apps, Tempo and VivaCut, have different and simple Gmail email addresses under the developers’ details. Plus, the physical addresses are also different, VivaCut having the vaguest one.

Nonetheless, all these apps also ask unnecessary permissions such as access to the precise location, running app history, change network connectivity, phone status and identity, and other details.

Relation With Other Suspicious Apps

While digging out the details about WivaVideo and its developers, researchers could also find links between QuVideo Inc. and the popular app VidStatus. This app also asks 9 dangerous permissions including access to contacts, GPS, and call log. Plus, Microsoft has also detected this app as a trojan AndroidOS/AndroRat.

Besides, VPNPro could also find at least three suspicious links between the popular Indian app ShareChat and QuVideo. These include the same API key within the APK, similar URL structures, and similar homepages.

Digging further made the researchers establish that the six apps (excluding ShareChat) actually belong to the firm Hangzhou Zhuying Technology Co., Ltd. (This is the declared parent company behind the VidStatus app as per the app’s privacy policy.)

Considering all these suspicious behaviors, researchers advise users to stop using these apps and delete them. Otherwise, these apps pose a threat to users’ privacy and data security.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil