Guest writer: James Green
James Green is a security researcher for Android antivirus company Armor for Android. James has worked in the Android security field for several years and provides privacy and security advice to Android users.
Looking to earn some extra cash with your Android smartphone? Bazuc is offering consumers cash for allowing them to piggyback on their phone service, but the service may also have some nasty repercussions. The idea is that consumers can sell the
unused SMS messages from their SMS plan to Bazuc who will then send out bulk SMS messages from the device. Google hasn’t looked fondly upon this service and has twice removed the application from Google Play (it is currently still unavailable through Google Play). The company’s founder, Richard Loomis seems unfazed by Google’s actions and says, “we don’t need Google Play to get the app out there.”
Bazuc falls into an Android security grey area. It doesn’t appear to be inherently malicious; following an analysis of the code there seems to be no reason to classify this as Android malware. But it does seem that Bazuc is a really precarious idea that could quickly lead to some unwanted results. Bazuc is best classified as Android Riskware. Proceed with caution if you must proceed at all.
It’s fair to say that at least Bazuc is forthcoming with the risks involved with their service. Bazuc offers a tenth of a penny for each text message sent using their service. This means for every 1,000 messages sent from a device you earn a dollar. To reach the $30 that Bazuc suggests as a reasonable monthly earning goal the service would need to send 30,000 messages from your device using your mobile service plan. They point out that sending more than 3,000 messages a day from a device is likely to get end with phone service being suspended by the mobile service provider. I would speculate that any service provider is also likely to take notice of text messaging usage suddenly jumping to tens of thousands of text messages being sent per month, and I wouldn’t expect them to be pleased about it.
Anyone using the service can limit the number of messages sent each day but has no further control over the text messaging content or recipients. The company states that they do their best to ensure the messages sent are legitimate; however, security firm Lookout estimates that 10.5% of all SMS traffic sent via Bazuc is phishing messages (2.5%) or spam (8%). As the consumer, your device and your phone number are being used to solicit these text messages to unknown recipients. It seems reasonable to assume you may receive calls or texts from of the recipients of these messages who have questions, perhaps angry questions. There may also be legal repercussions for distributing spam or phishing messages and you may find yourself responsible.
Another significant risk of this service is specific to anyone without an unlimited text messaging plan. Overages in text messaging as a result of this application could be potentially crippling, mobile service providers charge more per text message sent beyond the allotted plan limit than the tenth of a cent per message that Bazuc provides in return. Consider the following scenario; you have a mobile service plan with Verizon and 5000 text messages a month. In a normal month you send 1000 messages and you decide to use Bazuc to earn money from the unused texts in your plan. You accidentally exceed your text messaging allotment by 1000 messages. With Verizon you could be charged 10 cents per additional text message for those extra 1000 messages, you would expect to see an additional $100 added to your mobile phone bill. If for any reason you attempted to earn the $30 that Bazuc suggests is possible and send 30,000 text messages in a month, exceeding your plan by 25,000, you would receive an astronomical phone bill of an additional $2,500. The $30 dollars you would receive in return from Bazuc would offer little condolence.
Bazuc is available on third party app stores and is available through their website, which leads us to another of the company’s concerning practices. When anyone visits their website the Bazuc application is automatically downloaded after 20 seconds. Bazuc founder, Richard Loomis has stated that “I didn’t think this would be a big deal, since there’s no malware, viruses or advertisements of any kind.” While this may be true, it is generally considered good practice to let your customers decide for themselves if they would like to download your application. Automatic downloads are commonly used as a means to spread malware which does not cast a good light on Bazuc. Simply put, the automatic download feature seems aggressive and unwanted.
This is a clear case of Android Riskware and anyone should proceed with great caution if they are considering using this application. Bazuc is a non-malicious Android application that can result in some serious problems for users. I would hope that consumers can find better ways to earn a little extra cash. Or even perhaps save money on their mobile phone bills by changing to a smaller text messaging plan with fewer unused texts.
Licenses: All images in this post are author owned.