Google is reportedly banning dozens of apps that contain spyware
Dozens of apps — including Muslim prayer apps, a speed trap alert app and a QR code reader — were removed from the Google Play Store around March 25 after researchers found they included software to secretly collect user data that was developed by a company with to US security agencies The Wall Street Journal reported Wednesday.
The Panama-based company Measurement Systems S. de RL paid app developers to include the code in their software, allowing Measurement Systems to collect data from millions of users around the world, The Wall Street Journal reported.
Apps banned due to prohibited collection of user data can apply for reinstatement in the Google Play Store if the offending code is removed, a Google spokesperson told The Wall Street Journal.
Measurement Systems’ software was included in apps downloaded to at least 60 million devices, Reardon and Egelman said. The Wall Street Journalalthough the software reportedly stopped harvesting user data after the researchers announced their discovery.
After Reardon and Egelman informed Google about the spyware, Google launched an investigation that resulted in the bans on March 25, The Wall Street Journal reported.
Measurement Systems did not immediately respond to a request for comment Forbes.
The The Wall Street Journal found that Measurement Systems was linked via company records and an Internet domain registration to a Virginia-based contractor involved in cyber intelligence operations for US security agencies. The company refused The Wall Street Journal that it was involved in secret data collection or that it had any links to US defense contractors. The developer of Al-Moazin Lite app told The Wall Street Journal that the company had been led to believe that Measurement Systems was collecting data on behalf of Internet service, financial and energy companies, which Egelman said highlighted “the importance of not accepting candy from strangers.” Some apps using Measurement Systems’ software collected phone numbers, email addresses and GPS data, which they wrote could be used to track someone’s movements knowing only their phone number or email address, potentially a powerful tool for authorities looking to monitor and suppress dissidents. Governments sometimes hire mercenary hacking groups to harvest data from encrypted communications apps or to undermine infrastructure or critical services. Russia is a particularly prominent sponsor of hacking, posing a “serious and persistent threat to critical infrastructure both in the United States and around the world,” according to Justice Department officials. On March 24, the Justice Department announced charges against four Russian government employees who allegedly targeted thousands of computers connected to the energy sector in some 135 countries, including the United States, between 2012 and 2018.
Some apps that previously contained the Measurement Systems malware, including Speed Camera Radar, WiFi Mouse (Remote Control PC), QR and Barcode Scanner, Qibla Compass – Ramadan 2022, Simple Weather and Clock Widget and Handcent Next SMS-Text w/ MMS, are already back in the Google Play Store.
“Facebook Warns 50,000 Users Were Targeted by Spy-for-Hire Companies” (Forbes)