You need to delete this hugely popular Android app before it steals your money
As satisfying as it usually is to browse Google's Play Store in search of fun new apps, captivating games, or handy little tools to install on your Android phone and most of the times use for free, you need to be wary of the many dangers that can follow your every step.
They say nothing good in life is ever free, and although you generally only have to put up with the occasional ad to be allowed to use so-called "freemium" apps and services, the price you sometimes need to pay (often without even knowing) far exceeds a one-time payment of, say, $9.99 or a monthly fee of $2.99 or so.
While we've become accustomed to hearing about dozens of malicious new apps trying to fleece you or bombard your handset with ads once every few weeks, the latest such discovery is pretty unusual.
One app, 100 million+ downloads, 20 million+ suspicious transactions
That's right, the newest report published by mobile security platform Secure-D on owner Upstream's official website focuses entirely on one Android app. That doesn't sound so very dangerous, now, does it? With more than 3 million titles available through Google Play as of September, what are the odds you've even heard of this particular app?
Well, if you're into mobile video creation and editing and don't like to pay for your tools, there's actually a decent chance you've at least come across VivaVideo in your searches for the best app to help you with cutting, trimming, cropping, and merging video content, as well as adding text, stickers, music, and so on.
That's because this particular app has been installed more than 100 million times around the world, collecting over 12 million user ratings for an average 4.4-star score. That's... not bad at all, but instead of proving VivaVideo's reliability, that suggests its developers are incredibly skilled at masking the app's sneaky behaviors.
After all, code analysis doesn't lie, and Secure-D has amassed enough evidence since early 2019 (!!!) to prove VivaVideo frequently initiates unauthorized premium subscription attempts while also delivering "invisible ads to users." In other words, the app looks to generate illegal revenue in two ways, first by subscribing you to bogus services without your knowledge and second by tricking advertisers into paying commissions for fake clicks.
Secure-D's algorithms impressively managed to detect and block over 20 million "suspicious mobile transactions" attributed to VivaVideo during the lengthy aforementioned monitoring period, saving users a grand total of $27 million or so. Unfortunately, many other such payments may have gone through without anyone noticing, so you should probably check your financial history if you've ever used this app.
Should you delete the app or update it to the latest version?
The answer to that question obviously depends on how much you care about VivaVideo's functionality... and how much you like to gamble. According to Secure-D head Geoffrey Cleaves (via Forbes), while older versions of the app are known to be fraudulent, his team's research hasn't reached the same conclusion in regards to "newer ones"... just yet.
That could mean the shenanigans have stopped for good or the app's devs may have found new and better ways to conceal their true intentions. By the way, in case you're wondering why we're only finding out about all this shady behavior now, that's because VivaVideo seems to be specifically designed to halt its illegal activities when being monitored.
On top of everything, the app requires a bunch of unnecessary user permissions, which should be reason enough for many people to avoid installing it in the first place.
As always, Google's efforts to keep the Play Store a clean and safe place are failing, so if you don't like to roll the dice and risk losing money due to a free-to-download mobile video editing tool, our advice is delete VivaVideo as soon as possible. That's simply the right thing to do in these situations, no matter how popular the malicious apps are.
Things that are NOT allowed: