Google warning after dozens of ‘spy apps with ties to US government’ banned – check your phone now

DOZENS of apps with alleged ties to U.S. spy agencies have been yanked from the Google Play Store for secretly harvesting data.

According to the Wall Street Journal, the software had been downloaded by millions of people and included several Muslim prayer apps.

1

The software tracked GPS data and collected people’s phone numbers and email addresses.

Code discovered within the apps was written by Panamanian company Measurement Systems S. de R.L, cyber researchers wrote this week.

The firm is linked through corporate records and web registrations to a Virginia defence contractor that does work for U.S. national security agencies.

That work includes cyber intelligence, network defence and intelligence-intercept work, the WSJ reported.

The data-hoovering code was unearthed by two researchers who perform auditing work searching for vulnerabilities in Andriod apps.

University of Calgary researcher Joel Reardon and Serge Egelman, a researcher at the International Computer Science Institute of the University of California, Berkeley, published their findings on Wednesday.

As well as Muslim prayer apps, the code was discovered in a highway-speed-trap detection app, a QR-code reading app and a number of other popular consumer apps.

According to app developers, Measurement Systems paid developers worldwide to incorporate its software development kit into apps.

Most read in News Tech

It allowed the company to gather data from millions of users around the world, the WSJ reported.

According to documents reviewed by the Wall Street Journal, Measurement Systems told developers that it specifically wanted data from the Middle East, Central and Eastern Europe and Asia.

In total, apps housing the spyware had been downloaded onto more than 60million devices.

Reardon and Egelman shared their findings with federal privacy regulators and The Wall Street Journal.

As well as GPS data, phone numbers and email addresses, the code could also collect information on a phone’s clipboard, which can include passwords.

It also has the ability to scan parts of the phone’s system, including files stored in the WhatsApp downloads folder.

“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening,” Reardon wrote.

“It could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals.”

Apps running the dodgy software were removed from the Google Play Store on March 25.

However, Google’s action doesn’t stop Measurement System’s ability to continue to collect data from millions of phones where its software is already installed.

A spokesperson for Google said that the apps could return to the store if the software is removed.

According to Reardon and Egelman, the software’s creators stopped collecting data on its users and unplugged it shortly after the pair began circulating their findings.

The Defense Department previously said that it buys “publicly and commercially available data to inform analysis of foreign threats to national security.”

Measurement Systems denied all of the accusations about the company’s activities and claimed that it was unaware of any links to U.S. defence contractors.

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]