Several apps used by more than 50 million users have been removed by Google from the Play Store after learning that the applications in question harvested users’ personal information.
The malicious code was found in dozens of apps that harvested users’ addresses, phone numbers, and email addresses by Joel Reardon of the University of Calgary and Serge Egelman of UC Berkeley.
As per the Laptomag report, Reardon and Egelman reported (via Endgadget) the findings to federal regulators, which led Google to remove the apps from its store.
The code is believed to be written by Measurement Systems, a contractor providing cyber-intelligence to the US national security agencies.
It is very unlikely for a connection of this type to be harmful, but it is alleged that Measurement Systems has paid app developers to add their products to SDKs (development kits) in exchange for user information and payments.
In a recent AppCensus research blog post, Reardon stated that:
“A database mapping someone’s actual email and phone number to their precise GPS location history are particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals.”
Other researchers are also concerned that even though the apps with the information harvesting code have been removed from the Play Store, they may still be used by millions of users.
When the Wall Street Journal first reported the story, they contacted Measurement Systems and received an emailed response stating: “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors, nor are we aware of… a company called Vostrom. We are also unclear about Packet Forensics or how it relates to our company.”
Researcher Reardon and Egelman compiled the list of the harvesting apps people should remove as soon as possible from their smartphones.
List of data-harvesting apps
- Speed Camera Radar
- Al-Moazin Lite (Prayer Times)
- WiFi Mouse(remote control PC)
- QR & Barcode Scanner
- Qibla Compass – Ramadan 2022
- Simple weather & clock widget
- Handcent Next SMS-Text w/ MMS
- Smart Kit 360
- Al Quran Mp3 – 50 Reciters & Translation Audio
- Full Quran MP3 – 50+ Languages & Translation Audio
-
Audiosdroid Audio Studio DAW – Apps on Google Play