14 DAY TRIAL // A forum post on anonymous image board AnonIP shows that a developer created a function in a cloned Flappy Bird app that would surreptitiously collect all the photos on an Android device and send them to a remote server.
The legitimate developer gone rogue planned to release the clone of the game on Google Play but did not want to risk his developer license.
To solve the problem, he was willing to appeal to a second developer account, specifically created for the purpose of stealing pictures from infected Android devices.
For this, he asked for the help from fellow anons to pay for the account, according to a tweet from security consultant Nik Cubrilovic, showing an image of the post.
The scheme leveraged on users’ negligence to check the permissions of a mobile app upon adding it to the device. A game asking for access to stored photos is extremely phishy, but many users do not pay attention to these details.
Flappy Bird was a huge hit on Google Play, returning massive revenue to Dong Nguyen, its developer, until he decided to pull the app from the stores. The money stream was estimated at one point to be as large as $50,000 / €38,000 per day.
The Vietnamese developer has recently released another game, Swing Copters, which was cloned by scammers even before it hit the marketplace. When it was officially launched, the game came in 63rd place because of the fake apps.