Google cracks down on dozens of Android apps, do YOU have one of these on your phone?

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Millions of Android fans unwittingly downloaded applications from the Google Play Store apps that included third-party code designed to harvest sensitive information, like email addresses, phone numbers, precise location information via GPA, and more, security experts have claimed. The impacted software would include weather apps, QR scanners, road traffic – with some of these Android apps each downloaded by over 10 million people from the Google Play Store.

The offending code was allegedly found on software development kits (SDKs) developers added to their apps after being paid. It’s claimed the SDK was the work of Measurement Systems, a company the Wall Street Journal said was linked to a Virginia defence contractor, which does cyber intelligence work for US national security agencies.

Measurement Systems has denied the allegations.

The researchers who came across all of this were Serge Egelman from UC Berkeley and Joel Reardon from the University of Calgary. Their findings were reported to Google along with federal regulators.

Egelman told the WSJ that the code “without a doubt” can “be described as malware”.

While in an AppCensus blog post Reardon said: “A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals”.

Google Play Store: How to update on an Android device

When the findings were published the affected apps were taken down from the Play Store, but the programmes still existed on millions of devices. Researchers said at the same time they revealed its findings the SDK stopped collecting data from the apps it was already present on.

Reardon’s post on the AppCensus Blog explained how the SDK was positioned to developers, with app makers told it would help them monetise their programmes without the need for ads.

One piece of promotional material for the SDK said: “We’re a lightweight alternative monetization strategy instead of ad-based revenue, and we don’t sacrifice your users privacy or battery life”.

While Google purged the Play Store of apps that contained the SDK, it was able to be listed once again if the offending code was removed.

That has been the case for a number of the affected apps. You can find a list of programmes highlighted in the AppCensus post below.

Speaking to the WSJ about the allegations, Measurement Systems said: “The allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defence contractors nor are we aware of… a company called Vostrom. We are also unclear about what Packet Forensics is or how it relates to our company.”

Below is a list of the most popular programmes that included the SDK according to the AppCensus Blog.

If you have any of these apps, and they’re available right now on the Play Store, then check if there’s any updates available and if you want to continue using the programmes make sure you download the latest version.

Speed Camera Radar (Installations 10million plus)

Al-Moazin Lite (Prayer Times) (Installations 10million plus)

WiFi Mouse(remote control PC) (Installations 10million plus)

QR & Barcode Scanner (Installations five million plus)

Qibla Compass – Ramadan 2022 (Installations five million plus)

Simple weather & clock widget (Installations one million plus)

Handcent Next SMS-Text w/ MMS (Installations one million plus)

Smart Kit 360 (Installations one million plus)

Al Quran Mp3 – 50 Reciters & Translation Audio (Installations one million plus)

Full Quran MP3 – 50+ Languages & Translation Audio (Installations one million plus)

Audiosdroid Audio Studio DAW – Apps on Google Play (Installations one million plus)

Bitdefender – SAVE £££s

Bitdefender is one of the best-known brands when it comes to cyber protection and right now there is £42 off its Total Security package. This includes complete protection for Windows, macOS, iOS and Android and lasts for one year!


Source: Read Full Article