Categories
Cybersecurity

Dubsmash application: the perfect viral espionage tool [VIRUS or FUN]

The Dubsmash application has gone viral on iOS and Android devices. The application has been published on 27 november 2014 and it has been installed over 500.000 times. The Dubsmash application’s size is 32MB.

We have taken a quick look at the permissions which are granted to the Dubsmash application.

 The Dubsmash application noted the following permission:

  • Download files without notification
  • Receive data from Internet
  • Full network access
  • View network connections
  • Manage vibration
  • Prevent device from sleeping
  • Send sticky broadcast

The device also allows the Dubsmash application to use the following permissions:

  • View identity
  • Find accounts on the device
  • Photos / media / files
  • Modify or delete the contents of your USB storage
  • Test access to protected storage
  • Camera / microphone
  • Take pictures and videos
  • Information about device ID and calls
  • Read phone state and identity

Dubsmash espionage

The Dubsmash tool allows users to pick a sound and record themselves while playing back the selected sound. The Dubsmash application has gone viral in the Netherlands and it looks like that it will continue to grow.

The following permissions ringed my personal alarms:

  • Download files without notification
  • Full network access
  • View network connections
  • Send sticky broadcast
  • Modify or delete the contents of your USB storage
  • Information about device ID and calls

Why would the Dubsmash application need the mentioned permissions?! There is no reason to download files without my permission, there is no reason to gain full network access. My network connections are MY network connections, indexing them is not ALLOWED from my point of view.

Sticky broadcasts for uploading videos to the internet? No thank you.

A Sticky Broadcast is a Broadcast that stays around following the moment it is announced to the system. Most Broadcasts are sent, processed within the system and become quickly inaccessible. However, Sticky Broadcasts announce information that remains accessible beyond the point at which they are processed. A typical example is the battery level Broadcast. Unlike most Broadcasts, the battery level can be retrieved within applications beyond the point at which it was sent through the system. This means that apps can find out whatever the last battery level broadcast was. Source.

Information Gathering

Developers use these types of permissions to gather information from the devices which are using the Dubsmash application. The collected information might then be used for commercial goals. You decide.

By CWZ

Founder of Cyberwarzone.com.