Just this spring, Google took numerous apps riddled with malware off of its Play Store. Its action came after various Android apps were discovered to contain data-harvesting code, sparking questions on cybersecurity and privacy.
Measurement Systems S. de R.L., a Panamanian company with connections to a Virginia-based contractor working with U.S. national security agencies, wrote the invasive code. Software developers were paid to add the code to their apps, allowing Measurement Systems access to otherwise personal data from users’ devices including phone numbers, email addresses, and GPS data. Developers often accept the code for extra cash and a personal look into details about their user base. Measurement Systems looked specifically for data on users from the Middle East, Central and Eastern Europe, and Asia.
Two researchers and co-founders of a cybersecurity company, Serge Egelman and Joel Reardon, discovered the malware and wrote a detailed report on their findings, providing it to the Federal Trade Commission and the Wall Street Journal. The Measurement Systems code was found extensively in Muslim prayer apps, a highway speed trap detection app, a QR-code reading app, and countless others downloaded on over 60 million mobile devices. Google acted swiftly after it was provided a copy of the report, removing the apps from the Play Store on March 25. Apps were allowed to return to the store after the malware was deleted from the code. Despite this action, the millions of phones where the software was already installed are still subject to data collection from Measurement Systems. After the company’s use of malware was publicized by Egelman and Reardon, the company stopped harvesting data.
The Department of Defense has been known to buy large amounts of data from commercial sources, though Measurement Systems denies any involvement in secret data harvesting or U.S. security.
Even Egelman and Reardon are unsure of the software’s true reach, beyond individual devices. With earlier infamous examples such as Edward Snowden’s exposé of the National Security Association, Measurement Systems is just another example of the ways the digital security and privacy of the world hang in the balance.
[Sources: Forbes; Wall Street Journal]