Two US researchers have discovered that dozens of Android apps, each with millions of downloads, until recently contained software to collect data from users. According to the Wall Street Journal, the company behind the program was doing business with the US government.
Researchers Serge Eagleman and Joel Reardon of the US security firm AppCenus . shared Their findings In October 2021 with Google and the US government and then with the Wall Street Journal. In it, they stated that at least 11 Android apps, such as Speed Camera Radar, Al-Moazin Lite, QR & Barcode Scanner and Qibla Compass Ramadan 2022, contain code to collect large amounts of data from users without their knowledge. The other seven Android apps are Wifi Mouse (computer remote control), Simple weather and clock widget, Handcent Next SMS-Text w/MMS, Smart Kit 360, Al Quran mp3 – 50 reciter and translation audio, Full Quran MP3 – 50+ languages and translation Audio and Audiosdroid Audio Studio DAW. The apps have since been removed from the Play Store by Google.
Some apps have collected clipboard contents, device phone number, email addresses, and in some cases GPS location. The program also scanned the network for connected devices and collected MAC addresses. Not every application collected the same set of data. The researchers also found that the software can be controlled remotely and has the option to send text messages or simulate mouse clicks.
The data led to the servers of Measurement Systems, a US company operating in Panama and According to the Wall Street Journal, Links with the US government. According to the newspaper, the US government, specifically the Department of Defense, buys data from commercial companies with the aim of preserving US national security. It is not clear if the data collected by the metering systems across the applications was also used by the US government.
Google has removed the apps that contain the software from the Play Store. According to a spokesperson, the apps violated Play Store rules regarding data collection and can be re-accepted once the software is removed. This has already happened with some applications. According to the researchers, the program has stopped collecting data since the results were published.
Update6.20 pm: The full list of applications has been added to the article