Google bans apps with hidden data-harvesting code from the Play Store

Google has removed hundreds of applications from its Google Play store after discovering that they have a software component that collects data covertly.

Measurement Systems S. de R.L., the Panamanian business that produced the malware, is connected to a Virginia defense contractor that offers cyber-intelligence, network protection, and intelligence-intercept operations for U.S. national-security organizations through corporate documents and online registrations.

The researchers who unearthed the code’s actions while auditing Android apps for security flaws found it inside numerous Muslim prayer apps with over 10 million downloads.

Developers were paid off

It was also present in a highway-speed-trap detection app, a QR-code reading app, and several other popular consumer apps. The researchers informed Google, a subsidiary of Alphabet Inc., federal privacy authorities, and The Wall Street Journal about their findings.

Developers worldwide were paid by Measurement Systems to put its code, a software development kit, or SDK, into their apps. According to Serge Egelman, a researcher at the International Computer Science Institute at the University of California, Berkeley, and Joel Reardon of the University of Calgary, its existence allowed the Panamanian firm to secretly collect data from its consumers.

This is malware

Modern apps frequently contain SDKs from unknown organizations like Measurement Systems, which are not audited or well understood by most developers, according to Mr. Egelman. App developers are typically enticed to include them since they provide a steady source of revenue and precise information on their targeted users.

Mr. Egelman stated that this incident emphasizes the significance of not accepting candy from strangers.

The men, who also co-founded AppCensus, a business that investigates the security and privacy of mobile applications, believe the program is the most privacy-invading SDK they’ve encountered in their six years of research. Mr. Egelman stated that it should, without a doubt, be described as malware.

Also read: Play Store intends to promote tablet apps using quality rankings

Whitepapers

Google bans apps with hidden data-harvesting code from the Play Store

Developers were paid off

This is malware

Stay tuned, subscribe!

ASML expands in China, but Huawei emerges as EUV challenger

UiPath strengthens agentic AI options with Peak acquisition

Pure’s FlashBlade//EXA should solve storage bottlenecks in AI and HPC

OpenAI introduces Responses API for building AI agents

Workday tracks AI agent ‘digital labour’ in core systems of record

Adam Evans explains how Salesforce keeps its AI on a leash

AI agents need Process Intelligence

SAP continues to build out AI capabilities S/4HANA, first steps with AI agents

Senior Account Solution Architect

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices

Are you data and AI ready?

Technology 2023: Four areas of focus

GovKube 25

IT Master in één Dag

Atlassian Team ’25

VeeamON 2025

GITEX ASIA

SAS Innovate 2025