Dozens of Android apps on Google Play found to be secretly sending user data to outside parties, and removed



Google has removed dozens of apps from the Google Play store for containing code that secretly collects data. The Panama company Measurement Systems, which wrote the code in question, is reportedly connected to a defense-related company in the United States.

Google Bans Apps With Hidden Data-Harvesting Software – WSJ

https://www.wsj.com/articles/apps-with-hidden-data-harvesting-software-are-banned-by-google-11649261181

The Curious Case of Coulus Coelib – The AppCensus Blog
https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/

Google bans Android apps that were harvesting user data – Protocol
https://www.protocol.com/bulletins/google-android-apps-data-harvesting

According to the blog of AppCensus, which investigates the security of mobile apps, during an audit meant to find vulnerabilities in apps for remotely controlling PCs, it turned out that a software development kit (SDK) running inside the apps was, for some reason, secretly sharing information such as the MAC address of routers, the contents of the smartphone clipboard, GPS location data, and email addresses.

The shared data was sent to the domain 'mobile.measurelib.com'. AppCensus identified 11 apps that communicate with 'mobile.measurelib.com'. The apps in question included a Quran recitation app for Muslims, an app that detects speed-enforcement devices, and a QR code reader. What they had in common was that they all used a specific version of the SDK developed by Measurement Systems.
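The only indicator the article gives for this SDK is the exfiltration domain. The following is an added example, not code from AppCensus, Google or the article, of how a defender could sweep per-app egress logs for that indicator. The log format (one JSON record per line with `package`, `host` and `path` fields) and every sample line are constructed for illustration; only the domain `mobile.measurelib.com` comes from the article. Matching is case-insensitive and anchored on label boundaries so that subdomains of the indicator match but look-alike hosts such as `measurelib.com.evil.example` do not.

```python
"""Flag network requests to a known data-exfiltration domain in per-app traffic logs.

Added example, not code from AppCensus, Google or the article. The log format
(one JSON object per line with package, host and path) and all sample lines
are constructed for illustration; only the indicator domain
'mobile.measurelib.com' is taken from the article.
"""
from __future__ import annotations

import json
from collections import defaultdict

# Indicator domain reported by AppCensus (from the article).
INDICATOR_DOMAINS = {"mobile.measurelib.com"}

# Constructed sample: per-app egress log, one JSON record per line (assumed format).
SAMPLE_LOG = """\
{"ts": "2022-03-20T10:01:02Z", "package": "com.example.qrscanner", "host": "mobile.measurelib.com", "path": "/collect"}
{"ts": "2022-03-20T10:01:05Z", "package": "com.example.qrscanner", "host": "fonts.googleapis.com", "path": "/css"}
{"ts": "2022-03-20T10:02:11Z", "package": "com.example.weather", "host": "api.example-weather.net", "path": "/v1/now"}
{"ts": "2022-03-20T10:03:44Z", "package": "com.example.prayer", "host": "MOBILE.MEASURELIB.COM", "path": "/collect"}
{"ts": "2022-03-20T10:04:00Z", "package": "com.example.prayer", "host": "cdn.mobile.measurelib.com", "path": "/s"}
not-json garbage line
{"ts": "2022-03-20T10:05:00Z", "package": "com.example.prayer", "host": "measurelib.com.evil.example", "path": "/"}
"""


def host_matches(host: str, indicators: set[str]) -> bool:
    """True if host equals an indicator domain or is a subdomain of one.

    Comparison is case-insensitive, ignores a trailing dot, and is anchored on
    label boundaries: 'cdn.mobile.measurelib.com' matches, but
    'measurelib.com.evil.example' and 'notmobile.measurelib.com' do not.
    """
    h = host.strip().rstrip(".").lower()
    for ind in indicators:
        ind = ind.lower()
        if h == ind or h.endswith("." + ind):
            return True
    return False


def find_exfil_apps(log_text: str, indicators: set[str] = INDICATOR_DOMAINS) -> dict[str, int]:
    """Return {package: number of requests to an indicator domain}.

    Malformed log lines are skipped rather than aborting the whole scan.
    """
    hits: dict[str, int] = defaultdict(int)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if host_matches(rec.get("host", ""), indicators):
            hits[rec.get("package", "<unknown>")] += 1
    return dict(hits)


if __name__ == "__main__":
    for pkg, n in sorted(find_exfil_apps(SAMPLE_LOG).items()):
        print(f"{pkg}: {n} request(s) to indicator domain(s)")
```

On the constructed sample this reports two packages (`com.example.qrscanner` once, `com.example.prayer` twice); the look-alike host and the malformed line are ignored. Because the SDK is embedded in otherwise legitimate apps, attributing traffic to the originating package, as the log here does, is what lets the finding be acted on (contacting the developer or removing the app) rather than just blocked.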

Recent Android apps often include SDKs developed by lesser-known companies like Measurement Systems, said Serge Egelman, a researcher at the University of California, Berkeley: 'Many of the SDKs included in apps are not well audited or understood.' This is because, for app developers, inserting an SDK into the app is a source of revenue and also provides detailed data about their users.



It also turned out that the domain 'measurementsys.com', the official website of Measurement Systems, was registered by a company called VOSTROM Holdings, based in Virginia, USA. According to The Wall Street Journal, VOSTROM Holdings, through its subsidiary Packet Forensics, carries out cyber-intelligence, network defense, and communications interception work for federal agencies.

When The Wall Street Journal asked Measurement Systems about the connection between it and VOSTROM Holdings, the company replied: 'The characterization of the company's activities is incorrect. There is no connection between us and defense-related companies in the United States; we do not know the company VOSTROM Holdings, and we are not sure what Packet Forensics is or what it has to do with us.'

The SDK's data transmission issue was reported to Google in December 2021. Google spokesperson Scott Westover said: 'As of March 25, 2022, we have removed the offending apps from the Google Play store for collecting user data in a way that violates Google's rules.' Westover also said that removing the SDK in question would allow an app to be republished, and some apps have already resumed distribution on the Google Play store.

According to AppCensus, the SDK was confirmed to have stopped collecting user data immediately after the findings were published.

Posted in Mobile, Software, Security by log1i_yk