1 min read

Google Removes Spying Apps from Store; Data Possibly Collected by US Agencies

Silviu STAHIE

April 08, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Google Removes Spying Apps from Store; Data Possibly Collected by US Agencies

Security researchers have identified 11 apps that integrated a software development toolkit (SDK) from a sketchy company gathering a wide range of personal information and data, including location, phone numbers and more.

It's not unusual for Android apps to integrate SDKs, but Google regulates this pretty tightly. Some big companies, including Facebook, used embedded SDKs to gather user data. While the problem has yet to disappear from the Android ecosystem, it's no longer a significant issue.

Nevertheless, some companies still use this practice to gather data. Since Google doesn't condone the collection of user information through SDKs, the developers had to try to cover their tracks via various obfuscation techniques. Nevertheless, they were caught.

Security researchers from AppCensus took a closer look at the apps integrating this SDK and discovered that they all collect private data in some form. Some apps went as far as to gather phone numbers, email addresses, IMEI codes, GPS locations and the routers' SSID (the name of the Wi-Fi network.)

The apps had different implementations of the SDK, and the type of data differed from one to another, but there's a more interesting aspect of AppCensus' discovery.

When the researchers tried to determine when is data going, they hit a wall. After some investigation, they discovered that a Panama-based company named Measurement Systems collected the data. The company builds this SDK and promises money to developers who integrate it into their apps. But the story doesn't end there.

"A further whois on the domain name revealed that measurementsys.com was registered by VOSTROM Holdings, Inc., a Virginia-based company that has also registered Packet Forensics," said the researchers.

According to The World Street Journal, the Virginia-based company is a defense contractor that does cyberintelligence, network-defense, and intelligence-intercept work for US national security agencies.

Google removed the apps integrating Measurement Systems' SDK. Unfortunately, that doesn't stop the company from collecting data from the devices that still have the apps installed.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Popular Devices Are Usually the Safest, Bitdefender Consumer Threat Landscape Report Finds Popular Devices Are Usually the Safest, Bitdefender Consumer Threat Landscape Report Finds
Silviu STAHIE

June 29, 2022

2 min read
CafePress Fined $500,000 for Not Disclosing Data Breach that Compromised 23 Million Accounts CafePress Fined $500,000 for Not Disclosing Data Breach that Compromised 23 Million Accounts
Silviu STAHIE

June 28, 2022

1 min read
Carnival Cruises bruised by $6.25 million fine after series of cyberattacks Carnival Cruises bruised by $6.25 million fine after series of cyberattacks
Graham CLULEY

June 28, 2022

2 min read