Google has taken steps to withdraw from the Play Store 11 apps used by millions of users after learning that they have secretly collected data. Security analysts found suspicious code in weather apps, QR scanners, prayer apps, and others.
As reported by the Wall Street Journalthe malware code was discovered by UC Berkeley researchers Serge Egelman and University of Calgary Joel Reardon who disclosed their findings to federal regulators and Google.
The malicious code is capable of gathering a user’s precise location, email, phone numbers, and more and was made by Measurement Systems, a company that is reportedly linked to a Virginia defense contractor. dealing with cyber intelligence and more for US national security agencies.
Measurement Systems has reportedly paid developers to add their software development kits (SDKs) to the apps. The developers would not only get paid, but they would receive detailed information on their user base.
The SDK was present in applications downloaded on at least 60 million Android mobile devices. Here is the list of offending apps:
- Speed Camera Radar
- Al-Moazin Lite (Prayer Times)
- Wi-Fi Mouse (remote control PC)
- QR & Barcode Scanner (developed by AppSource Hub)
- Qibla Compass – Ramadan 2022
- Simple weather & clock widget (developed by Difer)
- Handcent Next SMS-Text with MMS
- Smart Kit 360
- Al Quran MP3 – 50 Reciters & Translation Audio
- Full Quran MP3 – 50+ Languages & Translation Audio
- Audiosdroid Audio Studio DAW
Google retires other apps that may have collected data from millions of Android devices
Although Google pulled the malicious apps from the Play Store, the researchers noted that they are still installed on millions of devices, and they found that the SDK stopped collecting user data after the matter surfaced.
Measurement Systems told the Wall Street Journal that the allegations are false and that they are unaware of the facts.
You might be interested in: Google introduces a new security measure for Android applications