The app in question comes preloaded on the flagship Sony Xperia Z3 and some other Xperia devices, and is the company's proprietary solution for backing up and restoring user data such as media, mails, messages and contacts on to a microSD card. The Backup and Restore app was earlier published and managed by Sony; though the app on Monday was reported to show "Nirav Patel Kanudo" as the publisher while it was managed by "HeArT HaCkEr Group".
Notably, the Backup and Restore app cannot be uninstalled from devices, which causes major problems for Xperia Z3 users who already use the app to back up their data. As of now, there is no official word on the status of the app already preloaded on Sony phones.
The breach of Sony's Backup and Restore app was reported by Xperia Blog, which notes, "Looking at the Play Store 'My apps' section on our Xperia Z3 reveals that the app is now managed by the "HeArT HaCkEr Group." As a system app, there is no way to delete the app either, so given the permissions this particular app has it is a serious issue."
The publication also speculates, "Potentially, Sony Mobile's Play Store account may be compromised, where the hacker has replaced the original app."
The Japanese company on its support forums has acknowledged the issue and writes, "Sony Mobile takes the security and privacy of customer data very seriously. We are currently investigating these reports. More information will follow as soon as we have fully assessed the situation."
As Android Police notes, being a proprietary app for select Xperia devices, the "app wasn't published on the Play Store before Saturday", and the hacker essentially exploited "the way the Play Store checks for updates to apps currently installed on your phone."
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.