Background
Member Login
menu

Google Temporarily Banned 11 Android Apps That Were Secretly Collecting User Data

Android is a very capable operating system. But malicious apps somehow continue to make presence inside the official Google Play Store.

This time, Google has removed 11 apps used by millions of users, after finding out that they have been secretly harvesting user data. The apps did this using a malicious code that could be used to collect user's precise location, email, phone numbers and more.

The aps that were found doing this, include a number of weather apps, highway radar apps, QR scanners, prayer apps.

The news was first discovered by a pair of researchers, Serge Egelman, and Joel Reardon, both of whom co-founded an organization called AppCensus, who said on a website post that some "Muslim prayer apps are a major highlight in this list. Numerous Quran prayer apps are now booted from the Play Store for injecting code for data scraping."

They have disclosed their findings to federal regulators and Google.

The apps in question include:

  1. Speed Camera Radar.
  2. Al-Moazin Lite (Prayer Times).
  3. Wi-Fi Mouse (remote control PC).
  4. QR & Barcode Scanner (developed by AppSource Hub).
  5. Qibla Compass – Ramadan 2022.
  6. Simple weather & clock widget (developed by Difer).
  7. Handcent Next SMS-Text with MMS.
  8. Smart Kit 360.
  9. Al Quran MP3 – 50 Reciters & Translation Audio.
  10. Full Quran MP3 – 50+ Languages & Translation Audio.
  11. Audiosdroid Audio Studio DAW.

A company called ‘Measurement Systems’ allegedly paid big money for the listed apps to harvest user data. What the developers of the apps needed to do, is embed its software development kits (SDKs) into their apps.

The developers would not only be paid, but would also receive detailed information about their user base.

The SDK was found on at least 60 million mobile devices.

11 apps banned
Redacted transmission of phone number (top), and redacted transmission of email address (bottom). (Credit: AppCensus)

Measurement Systems is a Panamanian company that's reportedly linked to a Virginia defense contractor that does cyber-intelligence and more for U.S. national-security agencies.

The Measurement Systems domain was registered by a company called Volstrom Holdings Inc., which deals with the federal government through a subsidiary called Packet Forensics LLC, The Wall Street Journal reports said.

The company has denied the allegations.

AppCensus initially reached out to Google about its findings in October of 2021. However, the apps didn't do anything until March 25, when the company banned the said apps.

It didn't take long however, for Google to reinstate the 11 apps.

Google claimed that the 11 apps have been verified, and shall return to Google Play Store as long as they're no longer invasive.

Published: 
08/04/2022