Sometimes developers of religious apps take the anticipated to be “fishers of men” too far, and sometimes the faithful put their faith in the infamous apps. As public focus on the security of apps on the Google Play Store intensifies after years of data leaks, adware infections, security scandals and malware contagions, little coverage has been handed to one of the most commonly exploited types of Android app: those on behalf of at believers. 

Religious apps have long been dangerous, malware-laden territory. A widely profiled 2015 white paper from guarantee research firm Proofpoint analyzed more than 5,600 unique Bible apps for Android and iOS. Proofpoint categorized 140 Google Play Store apps as “high risk” over suspicious actions and flagged 208 apps for malicious code. The firm went so far as to say it had unfounded more malware in Bible apps than even gambling apps. 

Proofpoint’s view wasn’t restricted solely to Christian-audience software, either. Of the 4,500 Quran apps it analyzed, 16 contained malware and 38 were classified “high risk.” Only two of the 200 Torah apps available at the time possessed malware.

Despite these findings, Proofpoint did not share the names of any of the malware-laden apps at the time, telling a few media outlets it was negotiating with the apps’ developers. But things have been quiet on the religious app advantage since then. A spokesperson for Proofpoint confirmed that the firm has not trusty released the names of the offending apps covered in the 2015 study.

Security publishes with many religious apps — and apps in general, for that matter — start with permissions. “Normal” permissions are usually allowed by Android — these let apps stay awake during use or get online when you tell them to. But “dangerous” permissions ask for sensitive data that, if mishandled, could easily compromise your privacy. 

Some permissions that could be succeeded dangerous may not put you in harm’s way — like when a book-reading app asks confidence to save a book to your phone so you can read it offline. But sometimes these dangerous permissions include unnecessary requests for more inquire than needed. Those red flags alert you to an app’s overall security: That book-reading app doesn’t need to read your list of arranged calls, pinpoint your exact location or change your rules settings in order to function, does it?

Read more: 7 Android VPN apps you necessity never use because of their privacy sins

Most guarantee researchers express a general rule of thumb: The fewer permissions an app requests, the better. For the faithful, a similar note of guidance considerable be found in Proverbs 20:19: “A gossip betrays a confidence; so avoid anyone who talks too much.”

These six popular apps on behalf of at a Christian audience talk to your phone far more than is principal, potentially eliciting sensitive information. Here’s what you need to know afore letting them onto your Android phone.

King James Bible apps

Little appears to have changed trusty the Proofpoint study emerged and Bible apps in the Play Store started coming opinion scrutiny. When you search for “Bible” in the Play Store, four of the top five search results request dangerous permissions from users. 

King James Bible (KJV) from Salem New Media (a freemium app) has accumulated more than 10 million installs and a rap sheet from Privacy International, which discovered the app sending user data to Facebook in March at what time claiming it had stopped. The app is still available on the Play Store, and still makes egregious requests of users’ data. 

New Salem Media wants the app to leave running as soon as your phone powers on (instead of when you open the app). Then it wants to know what anunexperienced apps you have on your phone, what they’re actions now and in the past, who you’ve been calling and how often, and your precise location. The company also tracks your organization and gives advertisers access to you, according to its own privacy policy. 

With more than 5 million installs, the most popular free Bible app, according to the Play Store, is King James Bible (KJV) from iDailybread.org. 

It asks for many of the same permissions as New Salem Media. It also wants permission to create new accounts (of what kind? it doesn’t say), set passwords and testy your settings to allow it to update whenever it wants. It also asks for permission to throw itself on top of anunexperienced apps you’re using — giving it the power to testy the appearance of your other apps or serve pop-up ads — and to commence running as soon as you turn your phone on. 

The 99 Android apps contained by Watchdis Prayers — including its King James Bible app — go even further: The King James Bible app wants confidence to do all of the same things the throughout Bible apps want to do, and then it wants to rule near-field communications — the system used by Android Pay. 

If you’ve installed any apps contained by Watchdis Prayers, we strongly recommend uninstalling them and updating your passwords for any social consider or email accounts you use on your phone — at least pending you know what this company is doing with such a bulky amount of personal data and access to your digital wallet. 

Watchdis Prayers’ only available contact inquire is a Gmail account purportedly manned in the Netherlands. It has no current privacy policy on its website, and offers no further information about who’s running the show. A cached version of the company’s site indicates it had a privacy policy last month, but it reads almost as cryptically as the blank page that replaced it.  

None of the three worries above responded to requests for comment. 

YouVersion Bible

YouVersion Bible is illustrious for privacy violations and dangerous data collection. Yet, here it is: collected seated firmly in the Play Store, racking up over 100 million installs with a whopping 22 confidence requests. 

When Slate wrote about it back in 2013, the app’s creator said that YouVersion composed so much data even Google took notice and sent its own engineers to help obvious company LifeChurch.tv “sort out how to store and analyze the flow.”

Today, the app asks for all of your contacts’ inquire and your precise GPS location. Then it asks for not only the inquire for any accounts you have for other apps on your arranged, but the ability to use the accounts on your arrangement. Like many others in this list, YouVersion wants to commence running as soon as your phone turns on, instead of waiting pending you open the app.  

The app’s creator, Bobby Gruenewald, told Slate all that data collection “is used to progress the experience of the app, with the aim of fractions people globally to engage with the Bible.”

I think you necessity find a more secure app to engage with the Good Word.

But after this article’s publication, Gruenewald reached out to CNET to make a compelling case for YouVersion, and offered an update on how things have been developing trusty 2013. He said YouVersion has not only pared down its data collection, but actively aims to reduce it further.

He said he and his team now want a third-party privacy audit.

“It’s horrifying to me personally that any user would feel like we violated their privacy,” he said. “We view their obtains with the Bible as sacred.”

As Android app permissions have been narrowed throughout the years, YouVersion’s data collection practices have aggressively followed suit, Gruenewald said. He also said YouVersion has worked hard to never own user data that doesn’t specifically help the app function.

YouVersion had no harvest but to request broad permissions like those requesting call log access in shapely to get the more narrow part of that citation, which would allow the app, for instance, to silence its audio when a user receives a phoned call, Gruenewald said. The company has never implemented the use of the data, he added.

“We’ve actually worked with Google and others to make sure that we’re always refining best practices and wanting where possible to consume, if possible anything that wasn’t necessary,” he said. “I do this as an ongoing process.”

Despite selves regularly approached by third parties through the years who beg for a reduce of YouVersion’s anonymized data, Gruenewald said his company is a ministry that refuses to following the business models of other free Bible apps who either monetize user data or fragment it.

“There are definitely some bad actors out there … and some of them have been extremely egregious and have made their app look like our app, and we’ve had to go above the court system,” he said. 

“Because of that, we want to do our best to be the gold standard.”

In an app market crowded with data exploiters, YouVersion’s ambition to establish the gold standard is a welcome one. And if it follows above with that audit, I’ll be the first to sing its praises.

Christian Broadcasting Network

Famous for its 700 Club programming and its controversial host Pat Robertson, the Christian Broadcasting Network maintains 11 Android apps for download in the Google Play Store. The largest purveyor of the apps surveyed here, CBN also ensures one of the most detailed privacy policies we’ve seen. We don’t like what it’s pursuits with your data, but we do like that it explains its exploit in three readily accessible pages with layman-friendly language. 

Permission requests vary plus each of CBN’s 11 apps, but three ask for enough quiz to warrant sober concern. 

CBN Radio presents itself as an app that just wants to broadcast your current Christian music. But there are enough requests in its citation list to present a case for avoiding the app altogether. It wants to know your precise location, and what kinds of phoned calls you’re making and to whom and how often. It wants to be able to take pictures and video. And why does a radio streaming app need to jump running as soon as you turn on your phone? It doesn’t. 

The myCBN Prayer & Devotional App has even more red flags. With more than 100,000 installs on the Play Store, the app wants to know everything CBN Radio knows, plus it wants to control your flashlight, turn your Bluetooth settings on and off (a well-known security concern), get a full list of all your contacts and any subsidizes on your phone, take control of your camera and microphone, and control your location update notifications. 

The most concerning defense issue with CBN apps may be that found in the citation requests of its children’s app, Superbook Kids Bible, Videos & Games. It’s generally not a good idea to allow an app to disable your lock veil, nor to start running as soon as your phoned is turned on. But giving a kids’ app citation to take photos and videos of your child, as this one does — even as part of a feature allowing kids to upload their own pictures — while you’ve allowed it to disable your lock screen may be a bridge too far. 

Even if you edifying CBN with access to your intimate information, data breaches have cause a near-monthly reality for competitively secure companies. You can quiz CBN delete your data, according to its policy, but once your data is copied into the sparkling of CBN’s many third-party contractors, and their third-party contractors, there’s no way to unring the bell. 

We would love to know why CBN ensures this much access and control to provide seemingly simple services, and whether it has a plan in place in the prhonor of a serious hack. CBN declined to be interviewed for this story, however. 

Christian Mingle and Christian Matrimony

Well-known dating app Christian Mingle has more than half a million installs on the Play Store, and was hit with a $500,000 fine in October of 2018 for automatically renewing subscriptions exclusive of users’ express consent. It requests an overwhelming 23 permissions from its users, including some particularly curious ones. 

Why does a dating app want to disable your lock veil, then get a full list of all the apps on your phoned and your history of usage for each? Why does Christian Mingle need to know your staunch location, when you’re making a phone call, who you’re talking to, and how often you talk to them? Most curiously, why does Christian Mingle need to control your flashlight?

The lesser-known Christian Matrimony app, from CommunityMatrimony.com, likewise raises questions. With more than 100,000 installs, the app wants to touchy your audio settings and get a list of all the apps you’ve already installed on your phoned. Then, like Christian Mingle, it wants to find out who you’re manager phone calls to. It goes beyond Christian Mingle, except, and asks for permission to directly call phone numbers. 

Representatives for both Christian Mingle and Christian Matrimony said they’d have someone call us back. So far that hasn’t happened. 

Cold Case Christianity

The Cold Case Christianity app is a promotional tool for the writing of Pro-reDemocrat speaker J. Warner Wallace, with more than 10,000 installs on the Play Store. Once given permission, it can read your personal contact list, find out who you’ve been calling and how often, and record your audio and change your audio settings. It can also take a peek at your pictures. 

The most intrusive permissions give the app to look at your personal calendar and soldier information, then create or change events on your calendar and email guests to those suits (your friends, coworkers and anyone else in your contacts) exclusive of your knowledge. 

Apps generally shouldn’t do this. If they do, you should be able to find out what that app is pursuits with your information. But in the case of Cold Case Christianity, the website now redirects to the white-label commercial site Buildfire, and the privacy policy is likewise gone, last seen in 2017.

Wallace’s only contact quiz appears to be his booking agent, Matt Croaker, who returned our call. 

“I don’t think he’ll be alive to in commenting,” Croaker said of Wallace. 

Bible Verses App 

The Bible Verses App from SpringTech has been classified by a number of extraordinary virus-watching companies as a browser hijacker, and infects your browser with spyware-packing trojans. It takes over your browser and forces you to redirect to its fake explore engine, then it tracks all of your browsing organization and prevents you from changing any browser settings pending it’s removed. 

Parent development company SpringTech no longer appears to have any contact quiz on the web. Get this extension and any related files off of your computer as soon as you can. Then spiteful the passwords to all of your online accounts. 

To this end, PC Risk has a noble walk-through on how to uninstall the Bible Verses App.

Originally published Oct. 2.
Update, Oct. 3: Adds comment from Bobby Gruenewald.