If you download and use what appears to be a version of the commercial “Walk and Text” Android app from a file sharing site, you’re in for a surprise. When you run it, it shows you that it’s being “cracked” but it’s really gathering information from your device, in preparation for an e-smackdown. It sends a bunch of personal information (name, phone number, IMEI) off to a server, and, just for lulz, text messages everyone on your contact list:â€œHey, just downlaoded a pirated App off Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Don’t steal like I did!â€
Finally, the app displays a scolding message to the user, saying, essentially, we hope you learned your lesson.
This is a similar tactic to music labels seeding file sharing networks with phony mp3s, or the whole concept of “Rick Rolling” on YouTube, but of course a whole lot darker, as in includes a punitive violation of your privacy and a public shaming. Ironically, one of the mechanisms used to perpetrate this takedown is Android’s own LicensingService and LicenseCheck routines, which are used to verify that an app has been licensed properly.
Symantec believes that this is the first example of an app developer striking out against unauthorized downloading in this way, but I suspect that it won’t be the last.