Also going viral on social media today is the announcement of an app called “Bomoh Rescue Run”, or simply “BOMOH“. It may appear to be just like any other game available on Google Play, but we urge everyone to think twice about downloading the app to your smartphone. The app requires specific permissions that allow it to access virtually every part of your device, including your precise location, camera, microphone, and even your accounts.
As is the norm with all apps on the Google Play Store, each app requires the explicit permission of the user to access specific areas of the device it will be installed on. This would be the pop-up window you’d usually see after you click or tap on the “Install” button of the app page. Most of the time, nobody reads this for the simple reason that it is more of a formality than something you should be paying attention to.
The “BOMOH” page front on Google Play
Now this is where developer Triapps seems to take advantage of with the “BOMOH” app. The developers behind the game describe it as “a running game to rescue the passengers and crews to gain more points”. In the words of one of us at HQ, installing the app is like telling the developer “Yes, you can take over my phone now”. Why? Let’s take a look at the access the app requires:
1. Your location
- approximate location (network-based)
- precise location (GPS and network-based)
2. Your messages
- receive text messages (SMS)
3. Network communication
- full network access
- view network connections
- view Wi-Fi connections
4. Phone calls
- read phone status and identity
5. Storage
- modify or delete the contents of your USB storage
6. Camera
- take pictures and videos
7. Microphone
- record audio
8. Your social information
- read your contacts
9. Your accounts
- find accounts on the device
10. System tools
- access extra location provider commands
- send sticky broadcast
- test access to protected storage
11. Affects battery
- control vibration
12. Audio settings
- change your audio settings
If that sounds like a lot of requirements for an offline game, that’s because it does. The access required by the app that raises plenty of suspicion has been highlighted above in red. For instance, Facebook would require access to your camera and location, but why would this app need that? And why does it need access to your accounts and your contacts?
Let’s take another app as a comparison: Fun Run. It is an online real-time multiplayer racing game. Check out what are its access requirements:
1. Network communication
- full network access
- view network connections
- view Wi-Fi connections
2. Phone calls
- read phone status and identity
3. Storage
- modify or delete the contents of your USB storage
4. System tools
- test access to protected storage
And…that’s it. Four access requirements to an online game. Why does “BOMOH” require access to so many areas of your personal device? Something is definitely not right here, and we urge everyone to not download the app, even if it is for a little bit of fun.
Also, be wary of the deluge of spam posts appearing on Facebook, claiming to be a video that the missing Malaysia Airlines flight MH370 has been found.
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.