Google has pulled a battery monitoring app from its app store after security researchers discovered that hackers could have used it to send malicious text messages.
The Register reports that Google accepted the BatteryBot Pro app onto the Google Play Store, meaning that Android users were able to download and use the app. But researchers from Zscaler Research looked into the app and found some worrying things happening in the background.
The app asked for full permission to manage a smartphone, which a normal battery monitor app doesn’t need.
Researchers dug into the free app’s files and found that the BatteryBot Pro app could have been used to hijack a smartphone and send text messages. When users tried to check their battery level (which is what the app is meant to do) it sent premium rate text messages, charging the bill to the user.
Here’s what researchers found when they dug into the app’s source code. It asks for permission to send text messages, make calls, and download files in the background:
It also secretly downloaded other pieces of malicious software in the background, and was able to do so because users had given it full permission to access their smartphones.
The battery app even managed to stop users deleting it. Zscaler Research says that the app made it impossible to uninstall. And even if a user did manage to get the app off their phone, it secretly downloaded more software in the background.
Google has now removed the app from its Android app store, according to The Register.
Business Insider has contacted Google for comment, and we will update this article once we hear back.