Google has banned dozens of applications from the Google Play Store after discovering vulnerabilities that secretly collect user data. A report published by the Wall Street Journal indicated the discovery of malware embedded in apps related to Muslim prayers, which were downloaded on over 10 million devices, found during a vulnerability audit of Android apps by specialized researchers.
The report stated that "Measurement Systems," based in Panama, which is linked to this malware, was found to be associated with a contractor working in electronic intelligence in Virginia, who works for U.S. national security agencies. The newspaper noted that "Measurement Systems" paid developers around the world to add "special code" to their applications.
A Google spokesperson, Scott Westover, stated that the applications containing the "Measurement Systems" software code were removed from the Google Play Store since March 25. The newspaper quoted researchers Serge Egelman from the International Computer Science Institute at the University of California and Joel Reardon from the University of Calgary, who said that this "code" allows the Panama-based company to stealthily collect user data.
Egelman noted that many modern apps include what is known as "SDK," which is similar to a toolkit for developing applications provided by lesser-known companies like "Measurement Systems." These SDKs are often not well-audited or understood, making their addition tempting for app developers who receive money in addition to gaining detailed knowledge about their user base.
