US defense contractor allegedly planted dozens of malicious apps on Google Play
Date:
Thu, 07 Apr 2022 11:03:25 +0000
Description:
Google has removed dozens of malicious apps from the Play Store.
FULL STORY ======================================================================
Google has removed dozens of malicious apps from its mobile app marketplace, all of which allegedly contained code tied to a contractor employed by US national security agencies.
According to a Wall Street Journal report, the company that wrote the code is called Measurement Systems. The firm is said to have paid developers around the world to embed its software development kit (SDK) in their apps.
The precise number of Android apps that carried the malware is unclear (there were at least twelve), but according to the researchers responsible for the discovery the apps were downloaded at least 60 million times in total. TechRadar needs you!
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window << Targeting the Middle
East
Google has now removed the compromised apps from the Play Store, but they remain active and are still gathering data. The apps include a number of Muslim prayer apps (with more than 10 million downloads), highway-speed-trap detection apps, QR-code reading apps and other popular consumer apps.
Allegedly, Measurement Systems told developers they wanted data from users in the Middle East, Central and Eastern Europe and Asia.
Some of the offending apps have already been permitted to return to Google Play listings after removing the controversial code.
According to Serge Egelman and Joel Reardon, the researchers behind the discovery, the findings represent the most privacy-invasive SDK they have
seen in the six years they have been examining mobile apps. Read more
Beware Android users - These 23 apps may be spying on you
Some of the most basic Android apps might be spying on you more than you'd
think
Meta cracks down on mysterious companies spying on Facebook users
The SDK was gathering all kinds of data, from the precise location of the endpoints, to email addresses, phone numbers, and data on nearby personal devices. The device clipboard was also monitored, meaning whoever coped and pasted their passwords on the mobile device was at risk.
According to the researchers, the type of data harvested is highly unusual,
as consumer data brokers typically steer clear from data that is protected by privacy laws. Keep your devices safe from ransomware with the best ransomware protection services right now
Via Wall Street Journal
======================================================================
Link to news story:
https://www.techradar.com/news/us-defense-contractor-planted-dozens-of-malicio us-apps-on-google-play/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)