Google has pulled dozens of apps utilized by tens of millions of customers after discovering that they covertly harvested knowledge, The Wall Street Journal has reported. Researchers discovered climate apps, freeway radar apps, QR scanners, prayer apps and others containing code that would harvest a consumer’s exact location, electronic mail, cellphone numbers and extra. It was made by Measurement Systems, an organization that is reportedly linked to a Virginia protection contractor that does cyber-intelligence and extra for US national-security companies. It has denied the allegations.

The code was discovered by researchers Serge Egelman from UC Berkeley and the University of Calgary’s Joel Reardon, who disclosed their findings to federal regulators and Google. It can “without a doubt be described as malware,” Egelman informed the WSJ. 

Measurement Systems reportedly paid builders so as to add their software program growth kits (SDKs) to apps. The builders wouldn’t solely be paid, however obtain detailed details about their consumer base. The SDK was current on apps downloaded to at the least 60 million cellular gadgets. One app developer stated it was informed that the code was gathering knowledge on behalf of ISPs together with monetary service and power corporations. Measurement Systems additionally stated it needed knowledge primarily from the Middle East, Central and Eastern Europe and Asia. 

“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals,” Reardon stated within the AppCensus research blog.

Though Google has pulled these apps from the Play Store, the researchers famous that they nonetheless exist on tens of millions of gadgets. At the identical time, they discovered that the SDK stopped gathering consumer knowledge after their findings had been revealed.

The Measurement Systems area was registered by an organization known as Volstrom Holdings Inc., which offers with the federal authorities by way of a subsidiary known as Packet Forensics LLC. An organization known as Measurement Systems S de R.L. “also listed two holding companies as officers, both of which share a Sterling, Va., address with people affiliated with Volstrom,” the WSJ famous. 

In an announcement, Measurement Systems informed the WSJ by electronic mail that “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors nor are we aware of… a company called Vostrom. We are also unclear about what Packet Forensics is or how it relates to our company.”