Google has banned dozens of apps on the Play Store that were secretly stealing users’ phone numbers and other important data. Some of the banned apps include ‘Muslim Prayer App’ which was downloaded more than 10 million times. A barcode scanning app and a highway speed trap detection app have also been found in it. Data-scraping code found in QR code scanning app. According to a Wall Street Journal report, the apps that have now been banned from the Google Play Store were collecting location information, email and phone numbers, nearby devices and passwords.
Research has also shown that an SDK developed by Measurement System SDRL can also scan for WhatsApp downloads. The company is tied to a Virginia defense contractor that it reportedly paid users to develop to include its code in its app to extract data.
The WSJ reports that the invasive code found in the banned apps was discovered by two researchers, Serge Egelman and Joel Reardon. These researchers founded an organization called App Census, which examines mobile apps for privacy and security. The researcher revealed that they had reached out to Google with their findings in 2021.
Reardon, one of the researchers, wrote in a blog post, ‘The database that maps a person’s actual email and phone number to their precise GPS location history is particularly scary, as it can be used to view a person’s location history. ‘
However, when Google was informed about the dangerous software found in the apps, it did not act immediately and then removed the apps from its Play Store on 25 March.
A Google spokesman, Scott Westover, said the apps could be re-listed if the dangerous software was removed.