(This post originally appeared on Inc.)
A news item caught my attention this week: my beloved CamScanner was de-listed
from the Google Play Store because of a malware infection. Oh no!
According to many reports, the application had been infected by a Trojan malware that may cause users to receive “malvertising” ads or – even worse – unknowingly being led to sign up for services or websites they don’t need.
“In this particular case, we’ve seen an advertisement SDK [software development kit] added to the code of application,” Igor Golovin, security researcher at Kaspersky (who initially discovered and then reported the issue to Google), told the Information Security Media Group. “Based on feedback of users we’ve received and have seen in public, at least in some cases, people were losing money as a result of installation of this application with a malicious module.”
I admit, the news initially upset me. I’m a huge user – and fan – of CamScanner. Because of this one little smartphone application my office was able to throw away our two old fax/scanner devices. Whenever I need to send someone a document – any document – I just snap a few photos of it using CamScanner and off it goes via PDF to my recipients. Take it from me, it’s an excellent application. Or don’t take it from me – take it from the 100 million users that have downloaded it from the Google Play store.
So when I heard this news, did I immediately delete the app from my phone? Did I demand that my employees do the same? Absolutely not. When these things happen there’s no need to panic. I’m aware that CamScanner, like so many other free apps on my phone is just that: a free app (there is a paid version too).
Although I’m sure the experts at Google Play have their due diligence procedures I’m not naïve enough to think that any app I download from there will always be safe and secure because that’s too high an expectation. I’m careful with this app – like all apps – when I use it. I don’t click on ads. I stick to what it does. I keep an eye out for anything strange happening to my device like a strange battery drain or unknown apps running in the background. I have anti-virus software always up and running on my other devices. I insist others in my company do the same. All I did was stop using the app for a few days and waited.
And the waiting paid off.
Sure enough there was a fix from the company within a few days which assured users like me that the problem was corrected and that the latest version was now available to download on Google Play – which I did. The company temporarily removed all advertising software developer kits including Facebook and Google’s and confirmed that our documents are “safe” and that there is no evidence of suspicious codes injected by third party advertising that can cause any leak of document data. The company also suggest that we use our anti-virus software to double check the software and report any issues to them.
CamScanner is a great little app. Google’s Play Store is a great service. Is it all perfectly secure? Of course not. I’m grateful to the firms like Kaspersky that keep watch over these things. But I’m also well aware that there are risks, particularly with free software. Given the benefits, I’m willing to accept those risks. So should you.