Vulnerable Mobile Application in Google Store, Spoofs your identity & makes fake calls
Cybersecurity researchers at GIS Consulting say that, while examining several Android mobile applications, they found some free applications on Google Play and the App Store that let users make free calls over the internet. Anyone with an Android mobile phone can download such an application for free and make free calls.
An application called "Call India - IntCall" provides this service and is available on Google Play as well as the App Store. That may not sound strange, but this application has a very serious and dangerous flaw.
Application Does Not Require Any User Authentication Permission
According to Mr. Naveen Dham, CEO & Founder of GIS Consulting, any person can download this application from the Google Play Store or the App Store. Once it is installed, the application asks for registration, and the user can register simply by entering the phone number of whoever they want to spoof.
This is where the biggest flaw exists. Because the application does not require any permission from the owner of the phone number, a person can enter anyone's 10-digit mobile number and register successfully without entering an OTP or any verification code.
The application can be used to make fraudulent calls to anyone using someone else’s caller identity number, as one can use any valid or invalid number to call someone without getting caught. With this, criminals can spoof your phone number to call your family members, friends, colleagues, employees, employers, bankers, etc. to extort money or obtain critical information pertaining to you.
These types of applications should have been thoroughly checked by Google before being put on the Play Store, which raises a big question about the procedures Google follows before allowing a new application to be uploaded to the Play Store.
The strange thing is that the application has still not been reported by anyone and is freely available on the internet. The application developers should implement OTP-based authentication or another type of user verification that confirms the user is genuine.
This application can be used not only by hackers but also by fraudsters, extortionists, terrorists, etc. for their benefit, and can harm society.
Immediate action should be taken to remove this app from Google Store, and remediation actions should be taken to restrict these kinds of applications from being uploaded to the Play Store.
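The OTP-based verification recommended above, sketched as an added server-side example (not code from the application or from GIS Consulting): a number can be used as a caller identity only after the person registering proves they receive SMS on it. The `Registrar` class, the `send_sms` gateway callback, and the expiry and attempt limits are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300       # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5    # guesses allowed before the code is burned (assumed policy)


class Registrar:
    """Hypothetical registration service: binds a caller ID only after OTP proof."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms   # assumed SMS gateway callback: (number, text)
        self.clock = clock
        self.pending = {}          # number -> [salt, digest, expiry, attempts_left]
        self.verified = set()      # numbers whose owner completed verification

    @staticmethod
    def _digest(salt, code):
        # Store only a keyed digest so a leaked pending table does not reveal codes.
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def start(self, number):
        if not (number.isascii() and number.isdigit() and len(number) == 10):
            raise ValueError("expected a 10-digit mobile number")
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        self.pending[number] = [salt, self._digest(salt, code),
                                self.clock() + OTP_TTL, MAX_ATTEMPTS]
        # The code travels only to the number being claimed, never to the client.
        self.send_sms(number, f"Your verification code is {code}")

    def confirm(self, number, code):
        entry = self.pending.get(number)
        if entry is None:
            return False
        salt, digest, expiry, attempts = entry
        if self.clock() > expiry or attempts <= 0:
            del self.pending[number]               # expired or brute-forced: burn it
            return False
        entry[3] -= 1                              # count the guess before comparing
        if not hmac.compare_digest(digest, self._digest(salt, code)):
            return False
        del self.pending[number]                   # single use
        self.verified.add(number)
        return True

    def can_call_as(self, number):
        # Enforced on the server for every call, not once in the app's UI.
        return number in self.verified
```

The check that matters is `can_call_as`: the flaw described in the article is equivalent to this function returning true for any number a user types in.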