The apps were installed on at least 60 million devices. The trigger was a software library that may have ties to US intelligence agencies.
Dozens of Android apps were removed from the Play Store by Google after a software library was found that was collecting personal data without the knowledge of the users. International apps of all kinds are affected, such as a speed camera app called Speed Camera Radar, a weather widget for the home screen (Simple weather & clock widget) or the tool app Wifi Mouse, with which PCs can be controlled remotely.
Already reported to Google in October
According to the Wall Street Journal, the developers of the apps received money for integrating an advertising library. This is where the data collection came from. The library was supposed to collect non-critical data for Internet providers and companies from the financial and energy sectors. According to the research, the apps were installed on at least 60 million devices.
In addition to network information from users, the software library from Measurement Systems is also intended to collect personal data such as the clipboard, GPS coordinates, e-mail address and telephone numbers and transferred to servers in the network. The code was discovered by security researchers Serge Egelman from UC Berkeley and Joel Reardon from the University of Calgary. According to Reardon, the discovery was reported to Google back in October 2021. According to the Wall Street Journal, the apps were not removed from the Play Store until the end of March. According to Google, the developers can upload them again once they have removed the offending software.
It is still unclear to what extent the data collection is related to the activities of US intelligence services. Measurement Systems is a Panama-based company with ties to a US intelligence contractor in Virginia. According to the Wall Street Journal, Measurement Systems denies this. According to Joel Reardon, data collection has now been stopped by changing the server’s DNS records.