Please beware the Tap Snake

Insecurity outfit Symantec has warned that an Android gaming app can make it possible for users’ movements to be tracked in real time through their GPS data.

Tap Snake, which is being given away free as a modification of the Google Android Snake game, is a bit of a security nightmare.  The app logs a person’s GPS coordinates every 15 minutes and uploads them to a server accessible to another paid-for spying app called GPS Spy, Symantec said.

GPS Spy then downloads the data and uses this service to conveniently display it as location points in Google Maps.

All the app can do is give someone else a run-down of where someone carrying the phone has been.

Maxicom which makes GPS Spy, which costs $4.99 to download, tells users to download Tap Snake to the phone they wish to track.  The download page for Tap Snake itself makes no mention of the fact that it is is spyware. If it is, that is.

Tap Snake is not so much a security problem for Android so much as a sneaky  tool to spy on people.

 GPS Spy shows the last 24 hour trace in 15 min increments; data is kept for a week, which is long enough for you to work out if your husband is spending time with his secretary when he claimed he was popping out for 20 Rothmans.

According to Symantec, Tap Snake has been downloaded anything from 1,000 to 5,000 times, while GPS Spy has been downloaded 100 to 500 times.  This means that either people are downloading it for the game or one hundred or so people are spying on five mates each.

In order for a phone to be tracked, the attacker would need physical access to the handset in question to copy the code supplied by Maxicom when the app is installed, which then needs to be entered into GPS Spy.

This is unlikely to be obtainable for a stalker.  However, how many people have access to their partner’s phone for a few minutes while they are not around? Lots.

Nevertheless the app is being used by the tame Apple pressed to claim that Android is insecure in comparison to Jobs’s Mob, which looks at every app to make sure that it is safe.  It doesn’t of course, Apple looks to see if the app has boobies or Flash access and has been equally been caught out by the odd spyware application.