From QR code scanners to prayer apps: millions of Google users have unwittingly loaded spy apps onto their smartphones. Some security researchers have come to this conclusion. For example, the applications sent location data without being asked and without permission.
Spy apps instead of QR scanners: Security researchers discover dangerous Google apps
If an app has more than five or even ten million downloads in the Google Play Store, it definitely has a relevant reach. This applies, for example, to several Muslim prayer applications, a QR and barcode scanner or a remote app for computer mice.
The problem with this: The list of applications that the security researchers from App Census published at the end of a blog post is by no means harmless. On the contrary: every listed app from the Google Play Store is de facto a spy app.
Software company in Panama collects personal data from Google users
And it doesn’t stop there. All apps found rely on a programming interface and software modules (SDK, Software Development Kit) from the Panama-based company Measurement Systems.
These built-in technical structures have ensured that millions of Google users have been unknowingly monitored.
Because although the apps mentioned actually had no access, the applications forwarded personal information such as location data, telephone numbers and even e-mail addresses to Measurement Systems without the consent of those affected.
Mysterious connections to the US government
But the US cybersecurity experts from App Census have discovered even more details. For example, reports this Wall Street Journal of strange company constructs.
According to the analysis, the code from Measurement Systems allows a direct link to be established with a security company in the US state of Virginia, which in turn works closely with several US federal agencies and secret services.
It is an open secret that those US authorities buy personal information from users from service providers. After all, the Ministry of Defense, among other things, had admitted such interns.
spy apps? Google only partially protects users
In total, the affected apps with the dangerous software modules were downloaded from the Google Play Store more than 60 million times.
However, the researchers had already shared their results with Google some time ago, so the affected applications were removed from the Google Play Store on March 25, 2022.
However, this does not solve the problem of spy apps. After all, the developers only have to remove the controversial software modules from their apps – and the way back to the Google Play Store is open to them again.
Ultimately, this means that millions of Google users cannot be sure in the medium term that they will literally be taken in by a spy app.