Google has withdrawn dozens of apps from the Play Store that were secretly collecting phone numbers and other personal information. Muslim prayer apps, which have been downloaded over 10 million times, a barcode scanning app, and a highway speed trap detection app are among the banned apps. A data-scraping code was discovered in the QR code scanning software.
The apps that have been removed from the Google Play Store were found to be gathering precise location information, email and phone numbers, nearby devices, and passwords, according to a Wall Street Journal investigation. An SDK produced by Measurement Systems S. De R.L could also scan for WhatsApp downloads, according to the study.
The firm is tied to a Virginia defence contractor, which is said to have paid for them to embed its malware in their apps in order to gather customers’ data.
According to the Wall Street Journal, the invasive code found in the banned apps was discovered by two researchers, Serge Egelman and Joel Reardon, who founded AppCensus, a company that tests mobile apps for privacy and security. In 2021, the researchers revealed that they had contacted Google with their findings.
“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals,” one of the researchers, Reardon wrote in a blog post.
When Google was informed of the harmful malware detected in the apps, it did not respond quickly, and the apps were only removed from the Play Store on March 25. If the dangerous malware was removed, a Google official, Scott Westover, said the apps may be relisted. “All apps on Google Play, regardless of the creator, must comply with our regulations,” Google said in a statement. We take necessary action when we find an app that breaches our policies.” Some programmes that have previously withdrawn the software are now available again.