Google removes apps for allegedly sending data to US intelligence services

TL;DR

  • Researchers discovered an SDK sending large amounts of data to a US defense contractor.
  • Google removed dozens of offending apps.
  • Affected apps should be removed, but may be relisted once the SDK is removed.

Google has taken down dozens of apps for collecting data and sending it to a company linked to US intelligence.

Malware on the Google Play Store is nothing new, but it’s usually the domain of hackers, ransomware gangs, and other malicious actors looking for financial gain. According to a new report from The Wall Street Journal, the latest set of malware contains a software development kit (SDK) that allegedly sends data to a defense contractor with ties to the US intelligence community.

At the heart of the operation is the Panamanian company Measurement Systems. Since Measurement Systems is a little-known company with an even lesser-known SDK that doesn’t add any useful functionality, it paid developers $100 to $10,000 or more per month to include it in their software. The SDK has been used in several Muslim prayer apps, a weather app, a speed camera detector app, and many more. In total, the compromised apps are believed to have been downloaded more than 60 million times.

Measurement Systems told the developers that it collects data for internet service providers, energy companies and financial service providers. Interestingly, and consistent with the connection to US intelligence, the company told the developers that it was specifically interested in data from the Middle East, Asia, and Central and Eastern Europe, regions that ad companies usually don’t prioritize because they are not as wealthy as the US or Western Europe. For example, one of the weather apps has a large user base in Iran, a prime target for US intelligence efforts.

Once the SDK was active, it collected vast amounts of data, including precise location, phone number, email, and nearby devices. The SDK also had full access to the system clipboard, including all passwords stored there. The SDK could also scan parts of the file system, including where WhatsApp downloads and stores files. The researchers don’t believe the SDK can open the files, but it can use a hashing algorithm to match them to files of interest. This reinforces the belief that US intelligence services are behind Measurement Systems, since WhatsApp uses end-to-end encryption and intelligence agencies are always looking for ways to obtain all possible information about communication on the platform.

The malware was first discovered by Serge Egelman and Joel Reardon, co-founders of mobile app security firm AppCensus. Egelman is also a research fellow at the International Computer Science Institute and the University of California, Berkeley and Reardon at the University of Calgary. The men described the malware as “the most privacy-intrusive SDK they’ve seen in the six years they’ve been reviewing mobile apps.”

After Egelman and Reardon informed Google of the problem, the company quickly took action by removing the offending apps from the Play Store. Interestingly, it appears that the Measurement Systems SDK has stopped collecting data, although Google has done nothing to explain this behavior. It looks like Measurement Systems has disabled the feature on its end. Google also said apps can be relisted once developers remove the SDK.

Ultimately, the whole debacle should serve as a warning to developers who might be tempted to accept money in exchange for including a random, little-known SDK: if it sounds too good to be true, it probably is.

“This saga continues to underscore the importance of not accepting candy from strangers,” Mr. Egelman said.

Here is a list of known apps that contain the SDK. Users should remove these apps immediately and wait for them to be relisted on the Play Store.

  • speed camera
  • Al-Moazin Lite (Prayer times)
  • Wi-Fi mouse (PC remote control)
  • QR and barcode reader
  • Qibla Compass — Ramadan 2022
  • Simple weather and clock widget
  • Handcent Next SMS—Text with MMS
  • Smart Kit 360
  • Al Quarun Mp3 – 50 Reciters & Audio Translation
  • Audiosdroid Audio Studio DAW
