IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Symantec warns about Tap Snake Android game

A seemingly innocent free game for Google's mobile OS has been found to be a front for a tracking app that allows hackers to follow your every move.

Android

Security software firm Symantec has warned of a seemingly harmless Android gaming app that makes it possible for users' movements to be tracked in real time through their GPS data.

The free Android game Tap Snake is billed as "yet another modification of the Google Android Snake game". However, behind the scenes the app logs the user's GPS coordinates every 15 minutes and uploads them to a server accessible to another paid-for spying app called GPS Spy.

"GPS Spy then downloads the data and uses this service to conveniently display it as location points in Google Maps," the Symantec advisory warns. "This can give a pretty startling run-down of where someone carrying the phone has been."

In its description for GPS Spy, which costs $4.99 to download, maker Maxicom even goes as far to openly instruct users to download Tap Snake to the phone they wish to track, though the download page for Tap Snake itself makes no mention of the app's hidden agenda.

"Download and install the free Tap Snake game from the Market to the phone you want to spy on. Press MENU and register the Snake with the service," Maxicom instructs. "Use the GPS Spy app on your phone with the same email/code to track the location of the other phone. Shows the last 24 hour trace in 15 min increments; data is kept for a week."

According to Symantec, Tap Snake has been downloaded anything from 1,000 to 5,000 times, while GPS Spy has been downloaded 100 to 500 times.

Despite Symantec classing the app as malicious for withholding its hidden features, the majority of consumers who have downloaded Tap Snake should have little to worry about. In order for a phone to be tracked, the attacker would need physical access to the handset in question to copy the code supplied by Maxicom when the app is installed, which then needs to be entered into GPS Spy.

In addition, Android notifies users which features of their handset an installed app wishes to access, theoretically making it simple to spot when an app is not what it seems to be.

The Symantec advisory marks the second time in a week that the safety of Android software has been called into question. Last week, fellow software maker Kaspersky Labs identified an SMS Trojan for the open-source OS that was found sending messages from infected mobiles to premium rate numbers.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022