Google has removed apps that were found to be covertly copying contact information. More than a dozen applications have been withdrawn from Google’s Play Store after it was discovered that they had malicious code that collected people’s geolocation, telephone numbers, and email addresses.
A QR code scanner, a weather app, and Muslim prayer applications are among them.
Some of the apps have received over 10 million downloads. Google had previously reminded app developers that they should be transparent with consumers about the data they disclose.
After Huq, a British business that collects location data revealed to the BBC that at least two app partners had not obtained the right user permissions, Google stated in December 2021 that applications that do not comply with its data policy risk being removed from the Play Store.
The applications had a software development kit (SDK) that communicated sensitive information to third parties, according to the researchers who found the vulnerability.
Researchers Joel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeley, issued a study outlining their findings. One such software was a QR code and barcode scanner that had over five million downloads – the kind of stuff you’d install to use either once twice and afterward forget about.
The app was covertly transferring users’ personal data, including their phone’s unique IMEI identifying number, to Measurement Systems in Panama, which was linked back to Vostrom Holdings in Virginia, US.
According to the Wall Street Journal, this corporation has ties to the US government through a company named Packet Forensics. Apps that have been removed for illegally capturing user data can seek to be reinstated in the Google Play Store provided the problematic code is removed, according to a Google spokeswoman. If they don’t include the SDK, the bulk of the infringing applications are now available for download again.
I’m a regular viewer and subscriber to Naomi Brockwell’s YouTube channel, and she recently made a video on this issue that you should check out.