Vape phone apps

[Tranquility]

I have two vapes that use apps as part of the package. (FF2 & IQ)

Does anyone know if either used a software development kit called Igexin?
https://arstechnica.com/information...h-100-million-downloads-had-spyware-backdoor/

 

[Delta3DStudios]

I'm not an App developer, but according to that news article, Google has already removed the 500 apps which used the Igexin SDK, correct?

As of this afternoon both the FF2 and the IQ apps were still available in the google play store

https://play.google.com/store/apps/details?id=thefirefly.android&hl=en
https://play.google.com/store/apps/details?id=com.organicix.davincivaporizer

Logic would dictate that since both apps are currently accessible in the Google Play store, they likely do not run on the Igexin SDK. If they did, they would likely not be available in the store and thus require the APK file to be installed

 

[Tranquility]

I would agree with you, but, I don't think "logic" will get us to know if the phones have been breached.

The reason I first found out about this is because of a weather app I have on the phone and that app was specifically mentioned in a Gizmodo article on the same subject.
http://gizmodo.com/accuweather-is-tracking-you-even-when-you-dont-give-it-1798321352

That app is still on Google Play.
https://play.google.com/store/search?q=accuweather

Edit:
Sorry. I just linked the search. The app is:
https://play.google.com/store/apps/details?id=com.accuweather.android

 

[paytonpenn]

Based on all this information any app could be suspect to backdoors in the dev kits.

Lookout isn't publishing the list of the affected 500 apps because researchers don't believe the developers knew of the spyware capabilities included in the SDK.

If developers can be unaware of the capabilities and features in the software they are using to develop software then this is a bigger issue. Even the software Accuweather was using had its ability to bypass permission even when a user specifically prompts it not to.

This is probably because permissions weren't a priority until recently and it never got entirely removed when newer os updates came changing the atmosphere.