Popular Muslim prayer apps, namely Al-Moazin Lite and Qibla Compass, among dozens of other apps were removed from the Google Play store after discreet data harvesting malware was found on them.
As per the report, Google has banned over a dozen apps from Play Store after it found that they included a line of code that was secretly harvesting user data.
The secret code was apparently engineered by a company linked to a United States defence contractor and they paid money to the software developers to incorporate the code into their apps. The code was siphoning off personal data phone numbers, contacts, etc from the devices.
The malware was detected in a number of popular Muslim prayer, and consumer apps. It also included a highway-speed-trap detection app, a QR-code scanning app, and numerous additional Muslim prayer apps that have been downloaded over 10 million times, on Android devices.
Serge Egelman and Joel Reardon, two researchers, uncovered the code’s behaviour while conducting auditing work for Android app vulnerabilities.
According to the two researchers, Measurement Systems S. de R.L., the Panamanian company that made the malware, is linked to a US-based Virginia defence contractor. The defence contractor undertakes cyber intelligence, network defence, and intelligence-intercept work for the US national-security organisations.
The app was secretly sending users’ sensitive data, including their phone’s unique IMEI identification number to the parent company.
Large amounts of personal data including email addresses, phone numbers, and user’s precise GPS location history were also being stored and shared. Passwords and files inside WhatsApp downloads folders were also being accessed.
The domain name of the company was found to have been registered by a US-based company, called Vostrom, in 2013. However, Measurement Systems denied having had any relations with it.
Google said that the banned apps could apply for reinstatement once the data-harvesting code was removed.