Google has removed from its Play Store the next batch of applications with a hidden function of collecting user data, writes the Wall Street Journal.
The developer of the spy code embedded in the applications is the Panamanian company Measurement Systems S. de R.L, which cooperates with the American special services. She also has ties to a defense contractor in Virginia specializing in cyber defense.
Spyware functionality in applications was discovered by security researchers during the audit process in order to search for vulnerabilities. The data-collecting code supposedly runs on millions of Android devices. Experts identified it in well-known applications, including a prayer application for Muslims, an application for detecting speed traps on the highway and a QR code scanner, and notified data protection regulators and Google about their discovery.
Measurement Systems allegedly paid application developers to embed its code into the SDK of their products. The code is able to receive location data, as well as extract information such as email addresses and phone numbers. The SDK can also view hashed data from WhatsApp image folders and even extract data about nearby computers and mobile devices, thus allowing you to find out who a person meets regularly.
For cooperation with the US government, Measurement Systems uses a subsidiary of Packet Forensics LLC. Although US intelligence agencies admit that they buy commercial data to analyze threats, details about this are not disclosed.
Special services have been collecting geolocation data recorded by mobile software for quite a long time and sometimes even ask developers for large amounts of user data. The fact is that such cooperation is very beneficial to developers. For example, Measurement Systems offers $100-100 000 per month.