Beware of fake apps that claim to link your mobile number to Aadhaar

Credit to Author: Anand Singh | Date: Thu, 14 Dec 2017 14:21:32 +0000

Are you looking for ways to avoid visiting your cellular network provider’s care center/store to get your Aadhaar linked to your mobile number? Have you recently searched for apps that can help you do this? Well, here is some important and useful information for you.

It is now mandatory for all mobile users to link their Aadhaar to their mobile number. According to an advisory issued by the Unique Identification Authority of India (UIDAI), mobile users do not have to visit any store to get the Aadhaar-phone linking done. This can be done with a voice-guided system through a one-time password (OTP) from 1st January 2018, as reported by Times of India.

Quick Heal Security Labs came across an app on the Google Play Store that claimed to help users link their mobile number to Aadhaar. We found the presence of this app suspicious because the UIDAI has not spoken about any mobile app which can be used for Aadhaar-phone linking. As expected, we found the app to be fake and not related to UIDAI. This is what it looks like.

Fig 1. The fake app’s interface displaying a fake biometric authentication mechanism.

This app was downloaded over 1,00,000 times and was removed from Google Play after Quick Heal Security Labs reported it to Google.

An interesting observation

One interesting thing which we observed during our analysis is that this app can send you an OTP even if you don’t have a SIM card in your phone. Wonder how this works? A simple trick used by the app developer answers this question. The OTP sent for the verification is just a pop-up notification generated by the app to fool the user. This notification looks similar to the ones which are displayed at the top part of your mobile screen whenever you receive a new SMS. Fig 2 below shows how the fake OTP notification appears. Extremely tricky, isn’t it?

Our verdict

This fake app is nothing but a source of income for the app developer, generated by serving unwanted ads to the user. This app does not benefit the user in any way and, even worse, it can also be used to steal their Aadhaar information. Such stolen information can be used for identity theft and other such crimes.

Fig 2: OTP generated by the app.

Quick Heal Security Labs analyzed similar apps on the Play Store and found many with names related to Aadhaar and mobile phone linking. Most of these apps describe themselves as ‘prank’, ‘guide to linking Aadhaar to mobile’, and ‘just for entertainment’ in their descriptions, which are usually not noticed by most users (fig 3). We strongly recommend that you always read the description of an app you want to install on your device. Just because an app describes itself as a prank app, it does not mean it is safe to use.

Fig 3: One of the app’s description.

Further observations

There was a sudden rise in the number of people searching the Internet for the term “link Aadhaar number to mobile number” on Dec 1, according to the Google Trends survey for India. Noticeably, on this very day, UIDAI gave its approval to the telecom community’s request to make the Aadhaar-mobile linking facility available online. Fig 4 shows the trends.

Fig 4: Sudden increase on Dec 1 for the search query “link Aadhaar number to mobile number” in India.

To reiterate, currently there is no app which will provide you with an in-app biometric Aadhaar to mobile linking facility.

How to stay safe from fake mobile apps

Check an app’s description before you download it.
Check the app developer’s name and their website. If the name sounds strange or odd, you have reasons to suspect it.
Go through the reviews and ratings of the app. But note that these can be faked too.
Avoid downloading apps from third-party app stores.
Use a reliable mobile antivirus that can prevent fake and malicious apps from getting installed on your phone.

Note: We searched the Play Store and found apps with the following package names.
These apps claim to link phone number to Aadhaar but they are mostly prank apps or guides and do…
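
The fake OTP described under “An interesting observation” can be caught by checking which package posted the notification and whether the device even has a SIM. The sketch below is an added example, not code from Quick Heal or the original post; the record fields, the function name and the sample package names (other than Google Messages) are assumptions, with the records standing in for data collected by a notification listener.

```python
import re

# Text that looks like an SMS one-time password: an OTP keyword near a
# 4-8 digit code, in either order.
OTP_RE = re.compile(
    r"(?i)\b(otp|one[- ]time password|verification code)\b.*?\b\d{4,8}\b"
    r"|\b\d{4,8}\b.*?\b(otp|one[- ]time password|verification code)\b"
)

def audit_otp_notifications(notifications, default_sms_package, sim_present):
    """Return (package, reasons) for OTP-looking notifications that cannot
    be a genuine SMS. The dict keys used here are assumed field names."""
    findings = []
    for n in notifications:
        body = f"{n.get('title', '')} {n.get('text', '')}"
        if not OTP_RE.search(body):
            continue  # not OTP-like, nothing to check
        reasons = []
        # A real SMS is surfaced by the default SMS handler, not by the
        # app that asked for the code.
        if n["package"] != default_sms_package:
            reasons.append("posted by an app that is not the SMS handler")
        # The page's observation: the "OTP" arrived without any SIM.
        if not sim_present:
            reasons.append("device has no SIM, so no SMS could arrive")
        if reasons:
            findings.append((n["package"], reasons))
    return findings

# Constructed sample records for illustration only.
SAMPLE = [
    {"package": "com.example.aadhaar.mobilelink", "title": "New message",
     "text": "Your OTP for Aadhaar linking is 482913"},
    {"package": "com.google.android.apps.messaging", "title": "AD-BANKXX",
     "text": "123456 is your OTP for login"},
    {"package": "com.example.news", "title": "Headlines",
     "text": "UIDAI extends deadline"},
]

if __name__ == "__main__":
    for pkg, why in audit_otp_notifications(
            SAMPLE, "com.google.android.apps.messaging", sim_present=True):
        print(pkg, "->", "; ".join(why))
```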