Google has banned a variety of apps after finding that they were secretly harvesting data, according to The Wall Street Journal.
The report indicates that research found that weather apps, highway radar apps, QR scanners, prayer apps and others used a code to harvest a user’s precise location, email, phone numbers and more.
The information scanning was reportedly done by Measurement System, a company that’s said to be linked to a Virginia-based defence contractor that does cyber-intelligence for U.S. national security agencies. The company denied the allegations.
Researchers Serge Egelman from UC Berkeley and Joel Reardon from the University of Calgary were the first to discover the code. The two researchers spoke to federal regulators, Google and WSJ to confirm that the coding is best described as malware.
Additionally, Measurement Systems reportedly paid developers to add its SDKs to the apps. Then, the developers would get the money and receive information about their user base. The app was reportedly downloaded to at least 60 million mobile devices. An app developer said to WSJ that he was told that the app was collecting data on behalf of ISPs, financial services and energy companies. Further, Measurement Systems said it wanted data mainly from the Middle East, Central and Eastern Europe and Asia.
Google pulled the apps from the Play Store; however, the researchers say the code already exists on millions of devices. However, they found that the SDK stopped collecting user data after their findings went public.
Measurement Systems told WSJ “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors nor are we aware of… a company called Vostrom. We are also unclear about what Packet Forensics is or how it relates to our company.”
Source: The Wall Street Journal