Google pulls Android apps that harvested data from millions of users

Google has pulled dozens of apps utilized by millions of users after discovering that they covertly harvested data, The Wall Street Journal has reported. Researchers discovered climate apps, freeway radar apps, QR scanners, prayer apps and others containing code that may harvest a person’s exact location, electronic mail, cellphone numbers and extra. It was made by Measurement Systems, a company that’s reportedly linked to a Virginia protection contractor that does cyber-intelligence and extra for US national-security businesses. It has denied the allegations.

The code was discovered by researchers Serge Egelman from UC Berkeley and the University of Calgary’s Joel Reardon, who disclosed their findings to federal regulators and Google. It can “without a doubt be described as malware,” Egelman advised the WSJ

Measurement Systems reportedly paid builders so as to add their software improvement kits (SDKs) to apps. The builders wouldn’t solely be paid, however obtain detailed details about their person base. The SDK was current on apps downloaded to not less than 60 million cellular units. One app developer stated it was advised that the code was accumulating data on behalf of ISPs together with monetary service and vitality corporations. Measurement Systems additionally stated it wished data primarily from the Middle East, Central and Eastern Europe and Asia. 

“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals,” Reardon stated within the AppCensus research blog.

Though Google has pulled these apps from the Play Store, the researchers famous that they nonetheless exist on millions of units. At the identical time, they discovered that the SDK stopped accumulating person data after their findings have been revealed.

The Measurement Systems area was registered by a company referred to as Volstrom Holdings Inc., which offers with the federal authorities via a subsidiary referred to as Packet Forensics LLC. A company referred to as Measurement Systems S de R.L. “also listed two holding companies as officers, both of which share a Sterling, Va., address with people affiliated with Volstrom,” the WSJ famous. 

In an announcement, Measurement Systems advised the WSJ by electronic mail that “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors nor are we aware of… a company called Vostrom. We are also unclear about what Packet Forensics is or how it relates to our company.”

All merchandise really useful by Engadget are chosen by our editorial crew, impartial of our dad or mum company. Some of our tales embrace affiliate hyperlinks. If you purchase one thing via one of these hyperlinks, we could earn an affiliate fee.

Back to top button