Google has removed dozens of apps from its Google Play Store upon learning they include software that secretly harvests user data.
As the Wall Street Journal reported Wednesday (April 6), the company behind that software — Measurement Systems S. de R.L. of Panama — is connected via records and web registrations to a Virginia defense contractor that does work for American national security agencies.
Related: Apple and Google Face Moment of Truth With Senate Hearing Over Antitrust Bills
The code written by Measurement Systems ran on millions of Android devices. The report noted that it has turned up “inside several Muslim prayer apps that have been downloaded more than 10 million times,” as well as a highway speed trap detection app, an app for reading QR codes and others, according to two researchers who discovered the behavior of the code in the course of auditing Android apps for vulnerabilities.
These researchers — Serge Egelman, a researcher at the International Computer Science Institute and the University of California, Berkeley, and Joel Reardon of the University of Calgary — shared what they learned with Google, federal privacy regulators and The Wall Street Journal, the report said.
The report added that Measurement Systems paid developers worldwide to incorporate its code, known as a software development kit (SDK), into their apps.
“This saga continues to underscore the importance of not accepting candy from strangers,” Egelman told the Journal.
He and Reardon founded a firm called AppCensus that reviews mobile app security and privacy, and the pair said the Measurement Systems SDK is the most privacy-invasive software of its kind that they’ve encountered.
It can “without a doubt be described as malware,” Mr. Egelman said.
Google says it removed the apps in question and would relist them if the software was removed. For its part, Measurement Systems called the allegations false and said the company was unaware of any ties it had to the defense industry.
The news comes at a time when Google is dealing with a host of regulatory troubles involving its Play Store.
See also: Google Can’t Punish South Korean App Developers Who Offer Payment Workarounds
On Tuesday, the Korean Communications Commission ruled that Google can’t prevent South Korean app developers from employing payment workarounds, which means the tech giant loses its digital sales commission edge.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More