China-based app maker ignored repeated warnings by researchers that its password database – stored in plain text – was accessible to anyone online.
A report found that a dozen connected devices are open to several security and privacy issues.
The app was developed by legitimate Chinese manufacturing giant TCL.
In parts of the developing world, dissidents and journalists face hostile governments and other threats — and mobile is their only access to the internet.
After researchers found more than 100 Android apps infected by malicious Microsoft Windows executable files, the apps have been removed from Google Play.
Some mobile apps can take and share screenshots and video of the phones’ app activity without users’ knowledge.
A battery-saving app enables attackers to snatch text messages and read sensitive log data – but it also holds true to its advertising.