Google has temporarily removed several seemingly harmless apps from the Play Store because they could spy on their users. A trail leads from the app's code to service providers of the US government.
The app's function descriptions actually sound harmless: "QR code scanner", "Simple Weather" or "Turn your phone into a wireless mouse". But the apps not only offer up-to-date weather forecasts or simple functions, they have also come under the scrutiny of security researchers. According to experts at IT security firm AppCensus, the apps contain code that could allow users to be monitored.
In a report published on Wednesday, the researchers warn that the apps sometimes pass on location data, phone numbers or email addresses to the servers of the little-known company Measurement Systems, which is registered in Panama. The data collection concerns apps that have been downloaded many millions of times. It is striking that among them are several Muslim prayer apps or a weather app that is apparently particularly popular in Iran. The entire list can be found at the end of a blog post by the researchers.
"Measurement Systems" denied having any connection with U.S. government contractors. However, the "Wall Street Journal" reported internal documents according to which the company promised developers up to $10,000 per month if their app delivered a particularly large active user base. According to the newspaper, however, it remains unclear what actually happens to the collected data.
The U.S. Department of Defense and other security agencies in the U.S. have already admitted in principle to buying up large amounts of data from commercial providers. The market for such data, including data obtained via apps, has become increasingly large and confusing in recent years. But such information is, in principle, an appealing alternative for security agencies faced with increasingly encrypted communications.
WSJ: Google Bans Apps With Hidden Data-Harvesting Software
Blog post: The Curious Case of Coulus Coelib