It turned out that the application to extract the call record of the smartphone was released on Google Play, is the purpose of the national monitoring by the Egyptian government?


By

Sriom

Check Point Software Technologies, which provides security products such as firewalls and VPNs , announced that `` Google Play has distributed applications that extract information such as calls targeting the people of Egypt. '' Did. The company believes that the developers of this spy app are involved with the Egyptian government.

The Eye on the Nile-Check Point Research
https://research.checkpoint.com/the-eye-on-the-nile/

Egypt used Google Play in spy campaign targeting its own citizens, researchers say | Ars Technica
https://arstechnica.com/information-technology/2019/10/egypt-used-google-play-in-spy-campaign-targeting-its-own-citizens-researchers-say/

The spy app “ IndexY ” was said to be “using more than 160 million Arabic phone number databases to look up phone number details”.



When installing IndexY, you will be asked for permission to access your call history and contact information. However, IndexY also recorded detailed data such as whether each call was outgoing, incoming or absent, and the time when the call was made. In addition, according to a Check Point Software Technologies survey, it is known that these data were not just collected but analyzed. The data that was analyzed was 'number of users by country', 'call log details', and 'foreign calls'.

According to Check Point Software Technologies, the reason that IndexY was released on Google Play was because “data analysis and inspection was not performed on the smartphone where IndexY was installed, but on the server to which the data was sent. ' Because Google can't determine the collected information, Google Play gives distribution permission to applications like IndexY. It seems that IndexY was installed 5000 times on Google Play, but it was confirmed that it was removed from the Google Play store in August 2019.

IndexY is considered to be part of the “Cyber Attack on Egyptian human rights defenders and civil society organizations”

announced in March 2019 by Amnesty International, an international human rights NGO.

Phishing attacks using third-party applications against Egyptian civil society organizations | Amnesty International
https://www.amnesty.org/en/latest/research/2019/03/phishing-attacks-using-third-party-applications-against-egyptian-civil-society-organizations/



In addition to IndexY, an app called “iLoud 200%” is thought to be related to cyber attacks by the Egyptian government. iLoud 200% has a function to collect and transmit location information when it starts, and to restart automatically even if execution is stopped. Since iLoad 200% was published not on Google Play but on a third-party site, the number of downloads is unknown.

in Security, Posted by darkhorse_log