In a big surprise, it has been revealed that being on the social media could well have led to users information being stolen. The threat was so serious that Google itself stepped into the case. According to Google, an app called ‘Tizi’ has surfaced which steals information from call records and also from social media including Facebook and WhatsApp. Not only that, the app also takes away pictures without informing the owner or even switching on the display. A Google security blog post stated, “Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities.”
Google has struck off this app from its Play Store and was prompt to notify the affected devices. The company has suspended the account of the developer. In the security blog post stated that a previous version of the app did not have ‘rooting’ capabilities. But it as the app got updated, it had the capabilities and started to steal sensitive information from devices.
The post said that after gaining rooting capability, Tizi steals sensitive data “from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.” The backdoor capability of Tizi were common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype, sending and receiving SMS messages, and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps “Tizi apps can also record ambient audio and take pictures without displaying the image on the device’s screen,” the post said.
Vulnerabilities in devices which could have been affected by Tizi were fixed with new software codes after April 2016.
The Google security post said, “If a Tizi app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls.”