Twitter users have raised concerns about the possibility of the Binance Android app containing spyware. This speculation comes after recent revelations suggesting that the TikTok social video platform contains spyware created by the Chinese government.
According to Twitter user @ShitcoinSherpa, who posted a screenshot of the certificate issuer, Permissions for the Android app requested by Binance include camera access and the ability to record audio. It should be noted that the application does not appear to have a public function that uses these functions:
The delicious irony of shitting TikTok because it’s Chinese spyware but still uses the Binance app 🙄 pic.twitter.com/rn9RGW2z88
– Sherpa (visit CoinHQ.tv) (@ShitcoinSherpa) July 8, 2020
The delicious irony of condemning TikTok as Chinese spyware but still using the Binance app 🙄
In an interview with Cointelegraph, Binance’s security director addressed the concerns and clarified a few questions:
“”The camera is used during the KYC process. The microphone definitely doesn’t use code developed internally in the Binance app. We have a third-party SDK that requests this permission. It is used during the KYC process. The third party is Megvii. It is used to scan IDs during KYC. We are trying to determine if we can get rid of this permission. However, Megvii may use background noise to detect fraud. We will notify you when we hear from Megvii to confirm the point above. “
@ShitcoinSherpa also clarified:
“I am not necessarily saying that it is spyware, but that the requested permissions are not required to run a replacement application. It has camera and audio permissions that shouldn’t be required for trading. However, malware was flagged in previous versions. Regardless of whether the results are false positive or not (as with ESET), these versions still had unnecessary access levels and are still marked. (…) It basically has the same access to user data as TikTok and it has the same concerns about: China, in my opinion. “
Common authorization requirements in mobile apps
Speaking to Cointelegraph on condition of anonymity, a source working for a malware lab said:
“It is not uncommon for applications to request more permissions than required. This is not necessarily a sign that they are doing something wrong and that users do not have to grant these permissions.”
The expert adds that the latest Android 11 updates may have prompted the company to “tighten up” measures to combat malicious mobile apps.
In 2017, a Reddit user asked if Binance’s PC or Android software contained “spyware”. At this point, a representative of Binance denied the user’s suggestion:
“Of course, it’s not spyware. Because of the network connections you need to make to provide accurate data (required for an Exchange platform), some antivirus programs can misinterpret it. It’s just a false positive. However, you can make your own decisions . “