Huawei's AppGallery riddled with malware-infected games Cybersecurity researchers at anti-virus software company Dr Web have discovered a treasure trove of malware-laced Android games on Huawei's AppGallery. The trojan, Android.Cynos.7.origin, is a Cynos variant that collects user information. To date it has been installed over 9.3 million times. The infected apps ask for …
Permissions can be very broad. "make and manage phone calls" could be there just to check if you are making a call before pinging you to announce their latest update.
The really annoying one is 'location' and refusing to permit access to 'Location' can cause the app to get very stroppy. The National Trust one went into a loop because I refused as I normally expect to choose the area to search rather than have it make suggestions based on where I happened to be at the time... it was only marginally better when I permitted Location but had GPS off (my default for the same reason, namely I normally know roughly where I am) as it hangs waiting for GPS then your response to 'GPS enable y/n?'
This is bad UI design. It should ask you to if you want access to GPS on first startup, then if you say "no", it shouldn't bother you again, but give you the option to change your mind maybe in some sort of settings option.
but even if Huawei's assurance is true that its hardware/system design is not open the the government's prying, an accidental-on-purpose habit of pisspoor software coding, exploited via a store of malware-infested client apps, might well be sufficient to keep the dragon placated. You only need one covert dragon egg in the store to gain popularity, and whoosh.
A lot of Android apps require the use of Google location services simply when they need to use Bluetooth. This is due to Google's persistence on detecting surrounding Bluetooth devices as part of their supposed positioning enhancements. Wifi, maybe, but Bluetooth?
Came here for this comment.
/rant on
I have a Bluetooth enabled bicycle helmet with not too bad sounding speakers which would be perfect, except that i need to enable Bluetooth AND GPS otherwise, the helmet app refuses to connect to the helmet.
Annoying, but it gets even worse, the app compares my ride to all other helmet owners (in the area? worldwide? - no idea) and proceeds to passive aggressively nag me that I only managed to defeat x% of other riders on this trip. I'm still wondering why I should care, I simply went grocery shopping on the bike for *$%& sake, no one old me I was in a competition.
I only hope there's never a data leak of all routes, because then everyone and their dog would know exactly where I live/work/do whatever private stuff I certainly don't wish to share with the world while using this helmet.
It's still cool to be able listen to music during my daily commute to work though.
/rant off
Looks cool, but unfortunately, in my jurisdiction (Central Europe), cycling with earphones is a grey area, so that's a non-starter.
Although the law does not explicitly forbid earphones, it prohibits "distractions" while participating in traffic and some police persons believe earphones qualify as such. It's basically a toss of the dice if you get stopped but more likely than not, it would be an issue.
With the helmet at least, surrounding traffic sounds are not blocked and so far, speaker helmet wearers and cyclists with bike mounted speakers have not had any problems with the police here.
AppGallery’s built-in security system swiftly identified the potential risk within these apps
Uh-huh. Suuuuuuuure.
Because "Upon being contacted by the researchers, Huawei removed the 190 apps identified as infected".
We welcome all third-party oversight and feedback to ensure we deliver on this commitment
So the "built-in security system" did not "swiftly identify" the 190 additional apps as malicious?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
