It has been disclosed that Indian-oriented offline maps mobile application ‘Deesha’ stole data from Android-based mobile users. The government has warned users not to download Deesha and use only Google Play Store, which offers verified and protected applications.
An advisory issued by the National Telecom and Information Technology Security Board (NTITSB) read “The Indian ‘Deesha Application’ automatically gets access to the host system, data store, SMS read and location permission without knowledge of the users.” The additional features of the application, it added, included displaying location in Indian grid system with accuracy, navigation to save way points, photo geo-tagging, location sharing, map view with panning and zooming option and displaying device way points.
The advisory read that the application was not available on Google Play Store and might be downloaded from third party servers. “As the users’ feedback of the application was quite positive, hence, its large scale use in the future could not be ruled out,” it added.
The NTITSB said organisations or users should refrain from using Deesha as it was an Indian third party application.
The board also issued best recommendations for mobile application usage. It asked the mobile users to block all applications installed from unknown sources. “These options are disabled in Android by default and it should stay that away.” “Google Play Protect must not be switched off in any case as it detects suspicious looking applications in a mobile device based on their behaviour and generated alert for users,” it added.
It further advised mobile users not to click on links that promised unusual features or functionalities including “WhatsApp offers of free airline tickets”, which were usually just an attempt to steal one’s personal data.
The same applied to phishing including texts from friends containing suspicious URLs.
“Before installing any application, users must read its privacy explaining what data it was collecting from them and with whom it was sharing that data,” the NTITSB said.
In February last year, a US-based cybersecurity company had found that two malware programmes on an Android-based platform that emerged in India had been spying on the Pakistani military. In a statement, Lookout had said it had discovered the two malware, Hornbill and SunBird, which were being used by a cyber-group named Confucius that first appeared in 2013 as "a state-sponsored, pro-India actor primarily pursuing Pakistani and other South Asian targets”.
"Targets of these tools include personnel linked to Pakistan’s military, nuclear authorities, and Indian election officials in Kashmir," the statement had read. "Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS, encrypted messaging app content, and geolocation, among other types of sensitive information.”
(With input from agencies)
1722586547-0/Untitled-design-(73)1722586547-0-165x106.webp "article")
1732340798-0/BeFunk_§_]__-(35)1732340798-0.jpg "bushra bibi did not name saudi arabia in remarks about madina visit pti s raoof hasan")
COMMENTS (1)
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ