Sony’s “Back up & restore” app gets hacked [Update]

by XB on 24th November 2014

in Applications, Problems, Xperia Z3 series


2014-11-24 09.43.07Sony has a potentially serious issue on their hands as its “Back up & restore” app appears to have been hacked. Looking at the Play Store ‘My apps’ section on our Xperia Z3 reveals that the app is now managed by the “HeArT HaCkEr Group.” As a system app, there is no way to delete the app either, so given the permissions this particular app has (see below) it is a serious issue.

We’re not sure how the app has been hacked. Potentially, Sony Mobile’s Play Store account may be compromised, where the hacker has replaced the original app. However, we’ll wait to hear from Sony directly. The Google Play Store listing for this new hacked version can be found here (PLEASE DO NOT INSTALL).

At this stage, we can’t say whether this app is doing anything harmful, but we’ve contacted Sony and will let you know their response. In the meantime, check your phone to see if you are affected and we will post updates in this post.

Update: Sony has a quick update on its support forums:

Sony Mobile takes the security and privacy of customer data very seriously. We are currently investigating these reports. More information will follow as soon as we have fully assessed the situation.

Update 2: The app in question has been removed from the Google Play Store. Also it is no longer present in “My apps” within the Play Store app. We still await for the ‘all clear’ from Sony and an explanation on how this happened in the first place.

Update 3: Sony has released a statement explaining what has happened in this situation and that ultimately there was no risk to users:

It appears that an unauthorised 3rd party developer created an application using the same name and identifier as our “Backup & Restore” service, and uploaded it to Google Play.

As the app mirrored our ‘Backup & Restore’ service naming structure, it appeared as downloaded on some products within Google Play’s “My Apps”, when in fact it wasn’t actually installed. We don’t provide ‘Backup & Restore’ on Google Play – it is pre-installed on Xperia devices, with all version and maintenance updates handled directly through our Update Centre. This application posed no risk to users, but has since been removed from Google Play.

2014-11-24 09.42.49 2014-11-24 09.43.07

2014-11-24 10.10.03 2014-11-24 10.10.11

Permissions of hacked “Back up & restore” app

2014-11-24 10.26.01 2014-11-24 10.26.11

Thanks Brad!

  • Ashish

    Is there any threat to people who already have it installed?

  • vida

    I have backup and restore on my phone but not this.
    I have official Sony version.

  • Ashish

    I mean, is the pre-installed one any threat??

  • XperiaBlog

    We don’t know right now, hopefully Sony will clarify this quickly.

  • Z2

    Is there package name for that app?

  • Kadek

    I think It’s just masking as sony backup and restore so it’s appear on Sony’s google play pages. Its definitely different app, by different dev. When I try to download the apk and install it manualy its show a package error. Even if it show on our google play page, its doesn’t appear on /data/app. The original one is located at /system/app/Backup-Wizard.apk. And sony never put the Backup and Wizard apk on the google play. So the dev only take signature name which is com.sonymobile.synchub and put the apk on google play so it will appear as installed. The truth is, the apps is never on your phone. (Pardon my English^^)

  • Samsung cock Apple testis

    i’ll bet that it’s the samsung users or apple users who’s doing this….just trolling

  • RJASSI

    I think it installed itself onto my Xperia z and I had 2 but I uninstalled both of them with the power of root and link2sd just to be on the safe side

  • z2

    I cant find the backup and restore in my apps list in the playstore…

  • Cyril Cygnus

    I got the bad version… And no way to remove it or to disable it

  • Raymond

    I can’t see it on the Play Store maybe removed already?

  • z2

    My version is 1.0.. M using z2 d6502

  • SSyar

    one can be confused by “Managed By : HeArT HaCkEr Group”

  • Xperience

    Yep guy just actually published that app to play store. I wonder why companies like Sony won’t blog their package names in google play?

  • Raymond

    Actually I don’t even have that installed. Lol.

  • Pingback: Backup & Restore - Android-Hilfe.de()

  • Bluetoo

    it is installed on ym phone, i didn’t evan install it and can’t remove it? help!

  • Luís Alberto Pérez

    Same here.

  • wei

    do we have to worry about automatic update replacing the versions on our phone with this one?

  • Dan Vafidis

    LOL dat joke, sony had’nt been hacked as it’s not sony who developped this app, it’s just a scam, Backup and restore is always preinstalled you dont need to find it on play store, so don’t worry

  • Dan Vafidis

    also it’s not a virus or something, they just made the Sony app working on any 4.4+ phone, don’t worry

  • Dan Vafidis

    you don’t have to worry, it’s not a virus or anything

  • Dan Vafidis

    no there’s no problem with this hacked version dont worry

  • Dan Vafidis

    no threat for anyone, don’t worry

  • Dan Vafidis

    no it’s just a hacked version of B&R, so other people can use it (who don’t have sony phones) it’s not a virus or anything no worries

  • Dan Vafidis

    no worries

  • Dan Vafidis

    u didnt have to worry anyway, Heart Hacker Group just modified the App so it can be used on other brands phones… it’s not even a virus

  • Bluetoo

    Cheers, thats a relief

  • the_black_dragon

    If it is previously installed –> Everything is fine
    if it got an UPDATE from play store –> you are fucking doomed!!!
    ok not THAT bad but you should immediatelyuninstall the update in App Manager.

  • dimz

    If the icon is red, it’s the original version so no harm done

  • Shehab Skull

    WTF!

  • the_black_dragon

    Yeah of course and everybody should trust a HACKED and STOLEN App… It marks as an System app Update!!!! Ant that is not allowed and very dangerous! No one knows what else is modified so go home!

  • Rubenos

    To block the app from working,use this:

    Step 1: Enable USB Debugging on your Xperia by going into Settings -> Developer Options. If you have not already enabled Developer options, you can so by tapping on ‘Build Number’ in Settings -> About Phone seven times.

    Step 2: Connect the device to your PC and open a new command prompt or Terminal window. Then, navigate to the folder where you had extracted the ADB file downloaded above using the “cd” command (Eg. cd desktop/android).

    Step 3: Make sure that your device is detected by your computer by entering the following command:

    adb devices

    Step 4: If you get a proper reply from ADB, copy-paste the following commands one by one.

    adb shell

    pm block com.sonymobile.synchub

    exit

    adb reboot

  • Niels d. G.

    I take it that you are part of this hacker group?

  • Niels d. G.

    This is just a copy of the *old* backup & restore app from Sony

  • f35hunter

    Don’t worry it is a fake up made by unknown developer you can check it by yourself it is not the official app so nothing to worry about dont panic

  • nope nope nope

    OHHHHHH MYYY FUCKINNNNNNN GOOOOOOOOOOOOOOOOOOOOSH

  • jose

    report

  • doomed

    DEFINITELY REPORT THAT

  • Paul M

    Yes, that appears to be a third party app somewhat resembling the official Sony one.

    Anyway, since I don’t use it. I cleared all the data for the Sony B&R app on my phone and disabled it just to be certain.

  • viridis

    Virus or not. This app, as it is a preinstalled system app on Xperia phones, now allows a hacker group to put an update out with whatever they want in it and it will automatically install on your phone as long as the permissions don’t increase.
    Sorry but that is a FACT

  • Prateek Bhanushali

    Nirav Patel….. Indian and specifically Gujarati

  • viridis

    Says who?
    Id rather not have a system app that has permission to read/write to every folder on my phone, in the updatable hands of a hacker group.
    They put an update on Google that harvests info and there’s nothing that can be done.

  • viridis

    Exactly

  • soooonyyy

    can this be a way to root ?

  • Aiden Pearce

    no such apps in my play store list..

  • Dan Vafidis

    it’s not an update, as long as you don’t install it you don’t have any problem

  • Aiden Pearce

    my Z3 is uncompatible with the app ha ha aha…nice one as**h*le hackers….su** on that…

  • Dan Vafidis

    don’t trust if you don’t want to, just don’t install it and no problem

  • lol! :)

  • Aiden Pearce

    also the app is pre-installed in our xperia and its updated via Sony Update Center not play store so choke on that…hackers…..

  • Why should Sony’s account have been hacked? That app seems to be just a modified copy. The dev just extracted the app from an xperia phone, hacked it and loaded it to the play store, but I can’t see the Sony google play account anywhere on that app’s page…
    Am I missing something?

  • Niels d. G.

    It’s not the same app, and it’s not pre-installed, it’s just a ripped and modified version of it and published separately on the Play store.

  • Guest

  • EPGuest
  • Pingback: L'app Backup & Restore di Sony è stata piratata: non aggiornatela! - Tutto Android()

  • TDQ

    Well, legacy Xperias are safe because legacies have com.sonyericsson.vendor.backuprestore(old Backup & Restore), but, Z3 Series, which includes com.sonymobile.synchub app(which is the new Backup & Restore app and hacked version is uploaded on play store), are seem to beware about it.
    Let’s wait to get sony says.(sorry to my bad english)

  • TDQ

    The official new Backup & Restore app has blue icon like that, same version 1.0.A.0.8, and has same permission as the hacked version. But I think the uploaded version might have a malware code.

  • DumbASS

    i take it you are a part of Al Qaida. mother fucking bastard.

  • Niels d. G.

    Sure am.

  • Pingback: Sony's Backup & Restore System App Compromised Via The Play Store()

  • Bandanananana Batman

    I commented about this on Android Police too. Yes it’s an Indian name, but it’s pathetically easy to Google random names. It could be George Bush behind this for gods sake and you would be assaulting some random Indian guy who didn’t do anything.

    I am not saying that there isn’t a possibility of an actual Nirav Patel being behind this, I’m just saying not to jump to conclusions and threaten any Nirav Patel one comes across for this.

  • Shubham

    Well all I can say is it’s an indian who has done this.. or of an indian origin coz that name NIRAV PATEL is surely indian!

  • Pingback: Sony's Backup & Restore System App Compromised Via The Play Store()

  • Pingback: CPN | Sony’s Backup & Restore System App Compromised Via The Play Store()

  • Pingback: Sony's Backup & Restore System App Compromised Via The Play Store - SPJ Mobile Network()

  • Guest

    Yes i’m infected (France and Z3 Compact

  • Antho Pierron

    Yes i’m infected (France and Z3 Compact in 4.4.4)

  • Pingback: Sony's Backup & Restore System App Compromised Via The Play Store - Hot Apps For You()

  • ash

    I have one friend with the same name :D

  • Prateek Bhanushali

    Hmmm, then Sony needs to address this issue effectively with patience !!!

  • Pingback: Sony’s Backup & Restore Android application reportedly compromised | 9to5Google()

  • carmelous

    @XperiaBlog
    UPDATE: maybe this app has been deleted from play store (if you try to find it, you can’t)

  • selfy

    From what I have been reading, if your “Backup & Restore” app’s apk location is in “/system/app” then you did not indeed receive this hacked version on your phone nor did your phone automatically update to it. Applications in the “/system/app” folder can only be updated via system updates from a bootloader/recovery flash activity.

    “The answer is no. Although the apps that are located in /system/app can be signed with a certificate that differs from the platform one, the update of these applications is possible only with system update.”
    source link:
    http://stackoverflow.com/questions/14760089/update-of-android-system-app-with-without-platform-signature

    To check the apk path use this link’s guide using “adb shell pm package list | grep sync” and then “adb shell pm path com.sonymobile.synchub” to verify that you only have a “/system/app” version of SyncHub (aka Backup & Restore) installed.
    http://stackoverflow.com/questions/4032960/how-do-i-get-an-apk-file-from-an-android-device

    TL;DR
    I think the “/system/app/SyncHub.apk” on Z3 and Z3c is safe from this seemingly “installed” version on the Play Store.
    If anyone on a different phone has the “/data/app/SyncHub.apk” installed then there is some more investigation warranted (and possible password resets, fear of ID theft, etc.)

  • Pingback: Aplikácia Sony Zálohovanie a obnovenie bola hacknutá - MojAndroid.sk()

  • mrnino

    It seems it was replaced app, because it was displayed in your (my) installed app even I did not install it.

  • mrnino

    App has been erased from store.

  • Battal Aljadei

    16Gb of memory and no option of moving the apps to the SD card !

    Save Sony from stupidities !

  • Pingback: La aplicación Backup & Restore de Sony podría haber sido hackeada - TecNoticiero()

  • Pingback: ????Xperia Z3??????????????????????????????? | ?????????????()

  • gmfady

    .jose sure!/done at 1st

  • gmfady

    definitely encourage all the Xperiasers 2 Report that .. & other Suspicious Apps

  • Or you can just root your phone and use FolderMount (the Pro ones) or GL to SD.

  • apolloa

    Typical script kiddy dumb idiots, nothing better to do and live in the false belief they are anonymous on the internet haha. It’s a shame Sony is lenient on hackers judging by the George Hotz incident, personally I would throw them all into a third world country jail and lose the key!

  • Guest

    I don’t think its any threat to the Sony Stock users. Aside Sony ensuring the play store account is secured, Google won’t entertain someone playing with an account serving millions of phones around the world.

    Relax!

  • Pingback: ???? ?????????? ???????? ???????????? ???????????????? ???????????? ??????????? ?????????()

  • Damn you.

    2 Flaws in your plan.
    1. Root for Z3 isn’t available… yet.
    2. Even if/when it is, you should not be made to go through the trouble to root your phone in order to manage your own media.

  • Wait… the screenshot isn’t coming from Xperia Z3 btw

    Yes, I know that not everyone wants to root their phone..

  • Pingback: Hacker attackieren Sony Pictures | Videogames.de()

  • Pingback: Sony Backup Restore App Hacked()

  • Pingback: Sony Removes Compromised Backup and Restore App From Google Play | Berita Unik Terbaru Terkini()

  • fried_egg

    If you were spoofing the real thing wouldnt you have correct English in the description? Anyway didn’t Sony kill off all of its back up things other than “myxperia” with the S as they just duplicated what Google did anyway?

  • Kenneth Fribert

    So lets all blame him :-D

  • Rob

    What has happened: Someone uploaded an app with the same package name as Sony’s backup and restore app (possible since it wasn’t on Play to begin with).

    What can this lead to: Nothing, the app will not have the same signature as the one in your phone, and thus it can not be updated. Google play will still map the package name to the version uploaded tho, making it look like there’s an update available.

    The real problem: Google apparently lets any joe-shmoe upload an app with a packagename starting with com.sonymobile.

  • Pingback: Sony has a potentially serious issue on their hands as “Back up & restore” app appears to have been hacked #xperia http://www.xperiablog.net/2014/11/24/sonys-back-up-restore-app-gets-hacked/ … | KIKIBUZZ()

  • Pingback: Sony Pictures é alvo de grande ataque de hackers | Tecnologia()

  • Pingback: Sony Pictures é alvo de grande ataque de hackers - Boa Informação()

  • Pingback: Malware in Googles Play Store: Fake-Sony-App im Umlauf » Computer Wissen Information()

  • HunsonAbadeer

    Besides system/apps can’t be updated from the playstore as a regular user app. So stay cool.

  • HunsonAbadeer

    As far as I know system/apps can’t be updated/installed/modified from play store UNLESS you flashthem through recovery or full system update … just ignore this app.

  • Pingback: Sony Pictures é alvo de grande ataque de hackers()

  • Pingback: Gefälschtes Sony-Backup-Programm im Google Play Store aufgetaucht | ZDNet.de()

  • Pingback: Hackangriff auf Sony Pictures – Interne Daten bedroht › NewsCouch.de()

  • Pingback: Sony Removes Compromised Backup and Restore App From Google Play | Cool Gadgets()

  • Pingback: Hacker legen Sony Pictures komplett lahm - Meta Thrunks Security Blog()

  • Ritwij

    Exactly. The resolution of the screenshot is 720p and the battery icon is of Android 4.3 ! Most likely an Xperia SP..or Xperia ZR / Z1 Compact on older version.

  • the_black_dragon

    of course they can c.O
    Play Store itself and all the other google Apps are also System apps and are Updated though Play Store

  • Pingback: Sony has a potentially serious issue on their hands as “Back up & restore” app appears to have been hacked #xperia http://www.xperiablog.net/2014/11/24/sonys-back-up-restore-app-gets-hacked/ … | KIKIBUZZ()

  • Jumbo

    Awwww.. they have a HEART.. How sweet.

  • Mathias Cronqvist

    Very intelligence indeed.

  • Abhijit Biswas

    What an investigation, join the CIA dude

  • Ritwij

    What makes you think I’m NOT in CIA?

  • chacha

    How can i restore my google play store please assist me.

  • Pingback: ?????? ???????? ?????????? Back up & Restore ?? Sony | App.Guide-box.ru()

  • Pingback: Sony’s Backup & Restore App hacked & Available in PlayStore()

Previous post:

Next post:

Sitemap