Sony has a potentially serious issue on their hands as its “Back up & restore” app appears to have been hacked. Looking at the Play Store ‘My apps’ section on our Xperia Z3 reveals that the app is now managed by the “HeArT HaCkEr Group.” As a system app, there is no way to delete the app either, so given the permissions this particular app has (see below) it is a serious issue.
We’re not sure how the app has been hacked. Potentially, Sony Mobile’s Play Store account may be compromised, where the hacker has replaced the original app. However, we’ll wait to hear from Sony directly. The Google Play Store listing for this new hacked version can be found here (PLEASE DO NOT INSTALL).
At this stage, we can’t say whether this app is doing anything harmful, but we’ve contacted Sony and will let you know their response. In the meantime, check your phone to see if you are affected and we will post updates in this post.
Update: Sony has a quick update on its support forums:
“Sony Mobile takes the security and privacy of customer data very seriously. We are currently investigating these reports. More information will follow as soon as we have fully assessed the situation.“
Update 2: The app in question has been removed from the Google Play Store. Also it is no longer present in “My apps” within the Play Store app. We still await for the ‘all clear’ from Sony and an explanation on how this happened in the first place.
Update 3: Sony has released a statement explaining what has happened in this situation and that ultimately there was no risk to users:
“It appears that an unauthorised 3rd party developer created an application using the same name and identifier as our “Backup & Restore” service, and uploaded it to Google Play.
As the app mirrored our ‘Backup & Restore’ service naming structure, it appeared as downloaded on some products within Google Play’s “My Apps”, when in fact it wasn’t actually installed. We don’t provide ‘Backup & Restore’ on Google Play – it is pre-installed on Xperia devices, with all version and maintenance updates handled directly through our Update Centre. This application posed no risk to users, but has since been removed from Google Play.“
Permissions of hacked “Back up & restore” app