Researchers: Eleven Android apps collected data from millions of users

Spread the love

Two American researchers have discovered that a dozen Android apps, each with millions of downloads, until recently contained software to collect data from users. The company behind the software was doing business with the US government, according to the Wall Street Journal.

Researchers Serge Egelman and Joel Reardon of American security company AppCenus shared their findings in October 2021 with Google, the US government and then with The Wall Street Journal. In it, they stated that at least 11 Android apps such as Speed ​​Camera Radar, Al-Moazin Lite, QR & Barcode Scanner and Qibla Compass Ramadan 2022 contained code to collect large amounts of data from users without their knowledge. The other 7 Android apps are Wifi Mouse(remote control PC), Simple weather & clock widget, Handcent Next SMS-Text w/MMS, Smart Kit 360, Al Quran mp3 – 50 Reciters & Translation Audio, Full Quran MP3 – 50+ Languages ​​& Translation Audio and Audiosdroid Audio Studio DAW. The apps have since been removed from the Play Store by Google.

Some apps collected clipboard contents, device phone number, email addresses, and in some cases GPS location. The software also scanned the network for connected devices and collected MAC addresses. Not every app collected the same set of data. The researchers also established that the software could be controlled remotely and contained the option of sending text messages or simulating mouse clicks.

The data led to servers of Measurements Systems, an American company that operates out of Panama and according to the Wall Street Journal links with the US government. According to the newspaper, the American government, more specifically the defense department, buys data from commercial companies with a view to American national security. It is not clear whether the US government also used the data that Measurement Systems collected via the apps.

Google has removed the apps that contained the software from the Play Store. According to a spokesperson, the apps violated Play Store rules regarding data collection and could be re-admitted once the software was removed. This has already happened with some apps. According to the two researchers, the software stopped collecting data since the publication of the findings.

Update6:20 pm: Full app list added to the article

You might also like