Is Lookout riskware apps anything to worry about?

[LJ Sal]

I got two modded kiks that came up as riskware saying it could steal personal info from the phone. And also it says inside these apps is something called "mixpanel." So is this a risk and if it is what kind of risk? can the app only steal information I put on the app such as photos I send or text I send on the app or could the modded kik app take pics, sms, Ect stuff that is on my phone? I really wanna know the dangers of a modded kik app labled as riskware by Lookout.

 

[Rukbat]

Any app can be modded to do anything, so without decompiling the app you have, there's no way to tell. But assume that the modification allows the app to access anything it has Android permission to access - contacts, passwords, pictures not in that app - anything. If you're okay with that, fine. If you're not, don't use the app. (And remember, if you have a banking app, or Google or Samsung Pay, it could have access to those too.)

 

[LJ Sal]

I know that and that is why I deleted it. I just didn't know before but others say only way the app/developer can steal photos or stuff from my phone is if it is malicious and virustotal gave the file 1 error. And thought permissions was for the app to function, not for the developer to use on the user. Also I thought even if it was possible this riskware developer app could only access the stuff in Kik folder?

 

[Rukbat]

"Malicious", when applied to a computer program, means that it does something you don't want it to do. there's no "malicious" library that gets included in programs like that. You might consider a texting program that can access your pictures malicious.

Any app can request any permissions when it installs, and if you just click OK without thinking, you could be giving it permission to do something you don't want. Or the app could get on the internet, download and install an app that gets root access (just like Kingroot or any other rooting app), then all bets are off - root has access to everything.

As for an app warning you that another app is dangerous, that could be a sales attempt, it could be trying to get you to uninstall an app that's protecting you - anything. If an app can be written to access data, and that's data it's not supposed to be accessing, it's malware. Or it's a file manager running in a rooted phone. The only "protection" is the human brain. Apps can tell you that something is "riskware" or "a PUP" (potentially unwanted program), but only you can decide if it is. (Towel Root, the only way to root an AT&T Note 3, is a PUP. Even though I know what it does, I deliberately installed it, etc. Any time I ran a virus scan on my Note 3s it came up. It was up to me to ignore the warning or uninstall the app.)

Can an app be written that can only access data from one app? Sure. But an app that can access data from any app can also be written. It's 2018. In 1978 we didn't worry about viruses, now we have to, because too many people have too much time on their hands and have nothing better to do than modify someone else's virus. (In 1978, if you could write software, writing it to hurt someone else never came to mind. There were too many things that "no one can do" for us to try to do anyway.)

 

[LJ Sal]

You are saying a malicious program is something that does stuff you don't want it to do? can a modded application that can access the internet have the developer able to download root on my phone and access anything? even if the apps doesn't show up on my phone and I deleted the original app that caused it? I have apps saying root access detected when root checker says it is no root. and modded social medias like kik still use regular kik servers and and database. they just change the features and layouts. so how can a developer of a modded app possibly access the folders of people who use the app without it being malicious? and the kik app access pictures from my whole device but when I go to photos it as it's own folder of pics so I think the developer can only access it's only folder? but the app itself can access anything for functionality.

 

[chanchan05]

Modded Kik can be sending copies of your messages and pictures sent to the modder and you're none the wiser. They could have inserted that code into your modding. That's why anything "modded" is immediately flagged as malicious by these scanner apps. They detect that it's not stock, and they have no idea what the modded code means that's why it's riskware, it's a risky app.

 

[LJ Sal]

Coding to do that inside the app but not take my data files on the phone?

 

[chanchan05]

Coding to do that inside the app but not take my data files on the phone?

They can as well. Kik needs access to storage. It really depends on what permissions you gave it. Access to storage plus internet access means they could do that.

 

[LJ Sal]

Then a developer just has click a buttons to access everything on my phone since downloaded their app? that is absurd. too bad I know at too too late of a time.

 

[chanchan05]

For apps in tge Google store, it's relatively safer because Google does monitor apps for malicious intent. But for modded apps from outside PlayStore or Amazon, then it's a risk.

Then a developer just has click a buttons to access everything on my phone since downloaded their app? that is absurd. too bad I know at too too late of a time.

 

[Rukbat]

Which is why we always recommend installing apps from Play, not from a possibly unsafe site. (With Play, you also stand a better chance of getting the version of the app that your phone needs if there's more than one.) Of course you don't get "all the benefits of the mod", but many of them are of benefit to the developer, not to the user.