1 min read

Google Removes Spying Apps from Store; Data Possibly Collected by US Agencies

Silviu STAHIE

April 08, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Google Removes Spying Apps from Store; Data Possibly Collected by US Agencies

Security researchers have identified 11 apps that integrated a software development toolkit (SDK) from a sketchy company gathering a wide range of personal information and data, including location, phone numbers and more.

It's not unusual for Android apps to integrate SDKs, but Google regulates this pretty tightly. Some big companies, including Facebook, used embedded SDKs to gather user data. While the problem has yet to disappear from the Android ecosystem, it's no longer a significant issue.

Nevertheless, some companies still use this practice to gather data. Since Google doesn't condone the collection of user information through SDKs, the developers had to try to cover their tracks via various obfuscation techniques. Nevertheless, they were caught.

Security researchers from AppCensus took a closer look at the apps integrating this SDK and discovered that they all collect private data in some form. Some apps went as far as to gather phone numbers, email addresses, IMEI codes, GPS locations and the routers' SSID (the name of the Wi-Fi network.)

The apps had different implementations of the SDK, and the type of data differed from one to another, but there's a more interesting aspect of AppCensus' discovery.

When the researchers tried to determine when is data going, they hit a wall. After some investigation, they discovered that a Panama-based company named Measurement Systems collected the data. The company builds this SDK and promises money to developers who integrate it into their apps. But the story doesn't end there.

"A further whois on the domain name revealed that measurementsys.com was registered by VOSTROM Holdings, Inc., a Virginia-based company that has also registered Packet Forensics," said the researchers.

According to The World Street Journal, the Virginia-based company is a defense contractor that does cyberintelligence, network-defense, and intelligence-intercept work for US national security agencies.

Google removed the apps integrating Measurement Systems' SDK. Unfortunately, that doesn't stop the company from collecting data from the devices that still have the apps installed.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader