acm-header
Sign In

Communications of the ACM

ACM News

Google Pulls Apps that May Have Harvested Data from Millions of Android Devices


A Google Play Store logo is seen on an Android portable device.

Though Google has pulled those apps from the Play Store, the researchers noted that they still exist on millions of devices.

Credit: Jaap Arriens/NurPhoto/Getty Images

Google has pulled dozens of apps used by millions of users after finding that they covertly harvested data, The Wall Street Journal has reported. Researchers found weather apps, highway radar apps, QR scanners, prayer apps, and others containing code that could harvest a user's precise location, email, phone numbers and more. It was made by Measurement Systems, a company that's reportedly linked to a Virginia defense contractor that does cyber-intelligence and more for US. national security agencies. It has denied the allegations.

The code was discovered by researchers Serge Egelman from the University of California, Berkeley and the University of Calgary's Joel Reardon, who disclosed their findings to federal regulators and Google. It can "without a doubt be described as malware," Egelman told the WSJ.

Measurement Systems reportedly paid developers to add their software development kits (SDKs) to apps. The developers would not only be paid, but receive detailed information about their user base. The SDK was present on apps downloaded to at least 60 million mobile devices. One app developer said it was told that the code was collecting data on behalf of ISPs along with financial service and energy companies. Measurement Systems also said it wanted data mainly from the Middle East, Central and Eastern Europe and Asia.

From Engadget
View Full Article

 


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account