Yet another issue with Android app data tracking and app spying has surfaced. As reported by the Wall Street Journal, dozens of apps were banned (as of March 25th) by Google from the Play Store for secretly harvesting and spying on users’ app and phone data.
The code hidden within these applications ran on millions of Android devices. Examples of some of the applications that were affected include several Muslim prayer apps, a QR-code reading app, and a highway-speed-trap detection app.
The data and information that was retrieved on these Android devices may have included the following:
- Precise location
- Email addresses
- Phone number
- Device clipboard information
- Data of nearby devices and phones. This was possible when devices were connected to the same Wi-Fi network.
Who Is Behind The Data Harvesting Code?
It was found that a Panamanian company, Measurement Systems S. de R.L., was behind creating the data harvesting code. The company is linked to doing business with a Virginia defense contractor involved with U.S. national security agencies. They told app makers that they were interested in primarily collecting data from those in Central and Eastern Europe and Asia, and the Middle East. This is unusual as data in these parts of the world aren’t as valuable and sought out as data from the United States and Western Europe.
In response to the allegations of their code:
“The allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors.”
Who Uncovered The Code By Measurement Systems S. de R.L.?
The code was found by two researchers, Serge Engelman and Joel Reardon. They are co-founders of a company called AppCensus which examines the privacy and security of mobile apps. They reported their findings and the list of apps that contained the code to Google and the Wall Street Journal.
Specifically, Mr. Reardon stated:
“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals.”
Related Article: How To Secure Your Phone From Online Threats