Given the scale of the problem and the underlying feeling that anti-piracy campaigns rarely have a long-term impact, a change in tactics every few years is to be expected.
After demonizing file-sharing for much of the 2000s, more attention has come to pirate sites and the people behind them. In parallel, the pirates were asked to consider the effect of their habits on creators, not the very large ones, but those who struggle through their lives trying to make ends meet, just like them.
There was nothing fundamentally wrong with that message, but since Hollywood and most of the music industry thrive on images of extraordinary wealth and power, the message has often found itself muffled under red carpets, dazzling award shows, and other big-money displays, not even shared with the kids. It was time for another change of tactics.
Think of the boy in the mirror
The theme of the last five years has three key components: crime, malware and pirate welfare. Now portrayed as victims themselves rather than the reason pirate sites exist, pirates are being warned of high-level organized crime, using digital content as a misdirection, while malware steals their privacy and empties their bank accounts. Piracy has also received an upgrade in the corridors of power; now it’s a cybercrime problem.
The narrative is really dramatic, but is it believable?
In many cases, these images are exaggerated and completely unnecessary. In other cases the claims are entirely credible, there is no doubt about that. The philosophy of caring is sharing has been a life support for years and by default even the smallest pirate site operators are criminals under the law. In many cases the way they generate revenue is no more harmful to users than the rest of the awful advertising found online, but malware and other mechanisms are also part of the equation.
Based on the theory that scary relationships have little impact and that knowledge always trumps fear, perhaps it’s the right time for people to make up their minds after taking a look under the hood. It’s not only a chance to see how things work, but also part of a balancing exercise; legality and support for the creators on the one hand and illegality and potential risks of breaking the deal on the other.
Since Android apps are likely to be installed without even a second thought, especially by young people, it could be a good place to start. None of the following tools require any apps to be installed.
Free tools for basic checks
While not the most comprehensive tool on the market, CloudSEK’s BeVigil mobile app search engine can be installed on Android devices themselves via Google Play. The BeVigil app will raise the alarm if another app requests excessive permissions, with the aim of improving the detection of malware and vulnerabilities in rogue apps.
The BeVigil platform can also be accessed via the web, where users can search for an app by name or upload an app for the platform to test.
For illustration purposes, we randomly selected a single variant of “Pikashow” movie and TV streaming app and found three risky device permissions and three others marked as dangerous.
For complete beginners the color combination alone provides a guide; green is largely acceptable and red the exact opposite. Three reds means three red flags, no matter how many greens.
For the curious, clicking on each color-coded permission reported will provide an explanation of what the app might do, if the user grants it permission to do so. For example, the red “system alert window” permission above allows the app to place another window above all windows containing any messages.
Most of the time “Click here to remove malware” means “Click here to install malware” while “Click here to watch movies” means “Click here to install malware”. An alert window can also offer a shiny new update with sincere assurances that everything is always safe to use and despite the “click install anyway” warnings. Countless people blindly do just that.
Let me be clear, not everything that sets off an alarm turns out to be malicious but double-checking on another platform never hurts. We asked Immuniweb for its opinion on the same app and received an even worse report.
The overall score calculated to rate a relatively “secure” app on BeVigil seemed too high. A variant of BeeTV downloaded over a million times received a security rating of 7.4 despite asking for “system alert window” permission and access to information in the user’s phone, including the network provider, outgoing call status, and details of all phone accounts registered on the phone.
The question that needs to be asked here is simple: why does an app need all this information just to play a video? The answer is also simple: it is not so.
VirusTotal and Joe Sandbox
At a basic level, both VirusTotal and JoeSandbox make it easy for users to upload an APK and analyze it. In many cases other users will have already uploaded the same file, meaning reports are available immediately.
These tools are much more advanced, and while still easy to use, interpreting the data presented becomes more and more complex as the connections are developed. VirusTotal has a gallery of other users’ surveys on all kinds of malware, which can be very fascinating on the one hand but absolutely terrifying on the other.
That said, both have a free tier, so they’re perfect for getting more familiar with apps and websites from a perspective most users never experience. Both platforms also allow you to view detailed reports made in the past and one in particular catches the eye.
Advance warning that this report is huge and may freeze your browser for a while while loading. Ratio is a major concern and more time is needed to digest it properly, but it doesn’t look good at first glance.
More generally, the sky isn’t falling yet, but with so many opportunities to be educated via freely available tools, taking unnecessary risks must become a thing of the past. The important thing is to raise awareness; informed choices that resonate with the individual who always beats blindly following the crowd.
Note: Risk can be managed and reduced but cannot be eliminated. No single tool is authoritative. Testing on five tools is always better than testing just one. All security vendors reporting an app as clean does not necessarily mean that an app is safe. No app should be trusted by default just because it has a familiar name. Finally, security issues aside, it should go without saying that copyright infringement is against the law.
Other free tools worth trying:
Any.run – interactive malware analysis
Hybrid scan – free malware scan
Qu1cksc0pe – Malware Scan Tool (Advanced)
MobSF: Malware Analysis Tool
#pirated #streaming #apps #dangerous #free #tools #find #TorrentFreak
Image Source : torrentfreak.com