Update: Not even antivirus apps are safe for you to download, so be vigilant about what you install
Google has pulled 11 apps from the Google Play store after discovering they secretly included software for harvesting user data. According to The Wall Street Journal, the apps had been downloaded to over 60 million devices.
Those apps reportedly include several Muslim prayer apps, speed trap detectors, QR code readers, weather apps and more. But despite their differences, each app contained code that could harvest sensitive user data.
Security researchers Serge Egelman from UC Berkeley and Joel Reardon from the University of Calgary discovered the code, passing on their findings to Google, federal regulators and the Wall Street Journal. Both confirmed that the code can “without a doubt be described as malware.”
According to the duo, the data being harvested includes precise location, email addresses and phone numbers, plus data about nearby devices. The code can also apparently collect information pasted from the clipboard, and scan parts of a phone’s file system — including WhatsApp’s download folder.
Fortunately, the malware can’t access the contents of those files. However, it can use a system called “compare-by-hash” to compare them against known files.
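To make compare-by-hash concrete, here is an added example (not code from the researchers, the SDK or this article) showing how a party that already holds a file's digest can tell that the file is present in a folder without reading out its contents. The choice of SHA-256, the file names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large media files never sit fully in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_known_files(folder: Path, known: dict[str, str]) -> dict[str, str]:
    """Return {file name: label} for files whose digest appears in `known`.

    Only digests are compared; no file content leaves this function.
    """
    hits = {}
    for path in sorted(folder.iterdir()):
        if path.is_file():
            label = known.get(sha256_file(path))
            if label is not None:
                hits[path.name] = label
    return hits


def demo() -> dict[str, str]:
    # Constructed sample data: stand-ins for a widely shared file and a private one.
    shared = b"constructed bytes of a widely forwarded image"
    private = b"constructed bytes of a personal photo"
    # The observer already has a copy of the shared file, so it knows the digest.
    known = {hashlib.sha256(shared).hexdigest(): "widely-forwarded-image"}
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "IMG-0001.jpg").write_bytes(shared)            # renamed copy still matches
        (folder / "IMG-0002.jpg").write_bytes(private)           # unknown to the observer
        (folder / "IMG-0003.jpg").write_bytes(shared + b"\x00")  # one extra byte: no match
        return match_known_files(folder, known)


if __name__ == "__main__":
    print(demo())
```

The match depends only on file bytes, not on the file name, which is why "can't access the contents" still leaves room to learn which known files a user has received.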
While the apps are no longer available to download on Google Play, anyone with the apps installed is still at risk. A full list is available on the security researchers' blog, but if you have the following apps installed, get rid of them right away:
- Speed Camera Radar by Road Soft
- Al-Moazin Lite (Prayer Times) by Parfield
- WiFi Mouse(remote control PC) by WiFi Mouse
- QR & Barcode Scanner by AppSourceHub
- Qibla Compass - Ramadan 2022 by AppSourceHub
- Simple weather & clock widget by Difer
- Handcent Next SMS-Text w/ MMS by Handcent
- Smart Kit 360 by Kafui Utils
- Al Quran Mp3 - 50 Reciters & Translation Audio by RabbiApps
- Full Quran MP3 - Ramadan 2022 - by AppSourceHub
- Audiosdroid Audio Studio DAW by Audiosdrois OU
You might also want to uninstall any other apps from those developers just to be on the safe side.
The malware code was reportedly developed by Measurement Systems, a Panamanian company with alleged ties to a Virginian defense contractor that performs cyber-intelligence for U.S. national security agencies.
The Wall Street Journal alleges that the company paid developers to add its software development kits to apps. One developer also told WSJ that Measurement Systems claimed to be collecting data for ISPs, financial services and energy companies.
Measurement Systems has denied the allegations, telling the Wall Street Journal that “The allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors.”
Now is as good a time as any to invest in one of the best Android antivirus apps, which can scan your phone for known threats and act accordingly. Just because an app is available on an app store doesn't mean it's safe.
At the very least, you should do a proper audit of the apps you have installed on your phone. Any apps that have been pulled from Google Play should be uninstalled right away.
Handcent was never stealing data; it was flagged by Google due to a name change of the developer, according to a press release several days ago. It was corrected and is now back on the Play store.
If even half of this list are actually "stealing data" it makes you wonder what is the point of Google's checks and seal of approval for apps on the Play store.