Lookout Warns App That Pays for Unused Text Messages Is a Big-Time Security Threat
Mobile security vendor Lookout is warning customers that an app that pays users to send text messages on their behalf is dangerous and should be avoided.
The app, called Bazuc, proposes that users allow them to send text messages from their plan. In exchange, it offers to pay users a tenth of a penny for each message sent.
But, contrary to the claims made on the site, Lookout said its testing showed Bazuc is sending mostly bulk messages rather than text messages from international users abroad.
“It’s very clearly only being used for bulk mailing,” Lookout principal security researcher Marc Rogers told AllThingsD. “In our entire testing we only saw three messages that came from a human.”
Rogers said the company also tried to send messages using a companion free international texting app but said it did not appear those messages were being sent.
A Bazuc representative did not immediately return a request for comment.
Rogers said the risk to those who use the app is enormous, ranging from getting angry phone calls from unhappy recipients, to seeing their phone lines canceled to perhaps facing legal liability if illegal messages are sent from their account.
“It’s the user that is going to be left holding the bag,” Rogers said. In addition, he noted, the website posts testimonials suggesting users can earn tens of dollars per month, when he said the figure is likely to be only a few dollars — and even at that level a carrier is likely to notice the excess usage and take action.
Rogers also said it is his belief that those sending the messages are being misled as to how their messages are being delivered. During testing, Rogers said, the company found large businesses — even some banks — using Bazuc to send texts to customers.
For its part, Lookout said it plans to warn those of its customers that have Bazuc installed as well as notify carriers and those who are using the other end of the service.
Lookout said it believes between 10,000 and 50,000 people downloaded it from the Google Play store alone.
The app, which had been in app stores including Google Play, has since been pulled, though Bazuc still has the Apple App Store and Google Play logos on its site. In fine print, the site notes the Apple version not yet available even though it uses the “available on the App Store” logo.
Bazuc still offers the app via its website (and as of Thursday afternoon, the company was actively trying to force it down to the computers of at least some of those visiting the site).