Popular Muslim prayer apps Al-Moazin Lite and Qibla Compass have been removed from the Google Play store after they were found to contain hidden malware for data collection developed by a company associated with US national security contractors.
The hidden data-collection code was discovered by researchers Joel Reardon and Serge Egelman of AppCensus while they were searching for vulnerabilities in Android applications. Last year, they discovered a number of programs containing malicious code that made it possible to monitor phone owners.
One of these applications was a QR and barcode scanner. Others were Muslim prayer apps, including Al Moazin and Qibla Compass (over 10 million downloads each). Similar code was also embedded in a weather widget. In total, the infected applications have been downloaded more than 60 million times.
According to the study, the Panama-based company Measurement Systems S. de RL paid developers to include its code in their applications. As a result, the company was able to collect data on application users, which, according to the researchers, contained phone numbers, email addresses, IMEI information, GPS data and router SSID.
Reardon and Egelman said it was the most aggressive development kit they had seen in six years of studying mobile applications.
Application developers admitted to journalists that they were paid to include the malicious code by Measurement Systems, a company registered in Panama. The company's representatives were most interested in users living in the Middle East, Central and Eastern Europe, and Asia.
Measurement Systems is associated with a defense contractor from Virginia involved in intelligence work for US national security agencies. The company told reporters that it does not engage in secret data collection, and denied having ties with American defense contractors.
Researchers believe that Measurement Systems is just a front for another company, the American defense company Vostrom Holdings from Virginia. Interestingly, Vostrom Holdings has another subsidiary, Packet Forensics. It is engaged in cyber intelligence and enters into official contracts with the US government for the “protection of federal networks”.
In January 2021, it became known that the developer of the Salaat First (Prayer Times) application, which reminds Muslims when to pray, recorded detailed information about users' locations and sold it, without their knowledge, to a data broker, which in turn sold the geodata to other clients.