Recently, pornographic livestream applications have exploited vulnerabilities in social media platforms like TikTok to spread information and reach users. These platforms constantly entice users to download their apps to participate in gambling, betting, and watch 18+ content.
Pornographic livestream and gambling applications often request numerous permissions to access users’ personal data (Photo: The Anh).
Furthermore, these are all illicit and unlicensed applications. Upon installation, they request a range of access permissions to sensitive data on your phone, such as images, videos, and the camera.
Speaking with Dân trí reporters, Mr. Dao Hoang Anh, a cybersecurity expert at SCS Cyber Security Joint Stock Company, stated that when an application requests access to the photo library, contacts, camera, and microphone, the biggest risk for users is a potential invasion of privacy.
“When users grant access, malicious actors can collect and steal personal information such as images, videos, audio, or even access banking applications to steal money or execute unauthorized transactions,” Mr. Hoang Anh explained.
Specifically, malicious actors can collect images, videos, audio, and personal information, then covertly send it to their servers for distribution. This data is typically uploaded via a hidden network connection in the background, unbeknownst to the user.
Harmful applications can silently collect and copy data for blackmail, fraudulent activities, or to disseminate victims’ sensitive information.
Additionally, illicit applications are fully capable of intercepting SMS messages and OTP codes if users inadvertently grant access or install apps from untrustworthy sources.
Experts advise users never to install illicit applications to avoid security risks (Photo: The Anh).
On Android phones, this risk is higher because the system allows installing applications from unofficial stores. In contrast, the iOS operating system has stricter control mechanisms, making such incidents less common, unless the device has been jailbroken or has security vulnerabilities.
“When malicious actors gain the ability to read OTPs, they can exploit this to log into bank accounts, change passwords, perform withdrawal transactions, or hijack e-wallets. The danger is extremely serious because OTPs are the final critical authentication layer protecting users.
To prevent this, users should absolutely avoid installing unfamiliar applications, not grant SMS reading permissions to unnecessary apps, and regularly update their operating systems to mitigate risks,” Mr. Hoang Anh recommended.
