Sega has released a statement saying that the company is looking into claims that the Android version of Sonic Dash, Sonic the Hedgehog Classic and Sonic Dash 2: Sonic Boom, are leaking user location data, device info and other information.
Based on Google Play data, the games have been downloaded by somewhere between 120 million and 600 million users.
Pradeo, the security company that originally uncovered the flaw, says that the issue stems from advertising related tracking issues, as well as 15 other vulnerabilities caused by encryption weakness in the games.
“Sega works diligently to address any technical issues that could compromise customer data,” said Sega in a statement to ZDNet, as well as other publications.
Malware sneakily making its way into the Play Store isn’t new, with most unwanted malicious software harvesting user data, tracking the user’s location and in most cases, pushing unwanted and unavoidable advertisements.