Google has removed a large number of Android applications from the Google Play Store after a report by The Wall Street magazine confirmed that these applications contain hidden code whose function is to harvest users' personal data, including the user's precise geographical location, phone number, email and more. Most of these applications are religious apps: users tend to trust religious applications whatever their source, which makes them an easy way to steal users' data without arousing suspicion. Other applications such as QR scanners, weather applications and highway radar apps were also discovered, and all of these applications together have been downloaded on more than 60 million devices!
According to the report, the hidden code was made by a company called “Measurement Systems”, a company associated with a person who does electronic intelligence and more for the US national security agencies. The company paid developers to use its software development kit (SDK), from which the developers would benefit not only financially but also by receiving detailed information about their user base. One developer of those apps stated that he was told that the code was collecting data on behalf of Internet service providers as well as financial services and energy companies.
How MAC and IP address data are collected through an old vulnerability in Android systems
Researchers writing on the AppCensus blog dug into one of the apps carrying this hidden code. They chose WiFi Mouse (remote control PC), an app that sends your device’s MAC address to the mobile.measurelib.com domain even though it does not have the permissions required to get the MAC address from your router. This means the app uses a roundabout way to get this data without asking for system permissions.
The researchers were able to identify the method used: the application reads the local cache of MAC addresses and IP addresses, known as the ARP cache. This was a loophole in old Android systems, where the cache was not secured as it should have been, so it could be read without any permissions, all the way up to the Android 11 version. The app depends on this, since a large number of Android devices run operating system versions below 11.
In this way, a vulnerability in old Android systems was exploited to collect users' sensitive data and transfer it to an unknown domain. It did not stop there: other applications using the same SDK were investigated, and this time a weather application called Simple weather & clock widget was chosen. It turned out to collect the phone number, the e-mail address and everything copied to the clipboard.
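The article names mobile.measurelib.com as the destination of the collected data, so a network owner can check resolver logs for devices that looked it up. The following is an added example, not code from AppCensus or from the article; the dnsmasq-style log lines are constructed, and watching the whole measurelib.com zone rather than only the one host is an assumption.

```python
"""Find clients that resolved the SDK endpoint named in the article."""
import re
from collections import defaultdict

# Host from the article is mobile.measurelib.com; covering the parent
# zone as well is an assumption made for this example.
WATCHED = ("measurelib.com",)

# Constructed sample in dnsmasq query-log format (not real traffic).
SAMPLE_LOG = """\
Apr  7 09:14:02 dnsmasq[512]: query[A] mobile.measurelib.com from 192.168.1.23
Apr  7 09:14:02 dnsmasq[512]: forwarded mobile.measurelib.com to 9.9.9.9
Apr  7 09:14:05 dnsmasq[512]: query[A] play.googleapis.com from 192.168.1.23
Apr  7 09:15:40 dnsmasq[512]: query[AAAA] Mobile.MeasureLib.com. from 192.168.1.40
Apr  7 09:16:11 dnsmasq[512]: query[A] notmeasurelib.com from 192.168.1.77
Apr  7 09:16:30 dnsmasq[512]: query[A] measurelib.com.example.net from 192.168.1.77
"""

# Only "query[...]" lines carry the client address; "forwarded" lines do not.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_watched(name, watched=WATCHED):
    """Match on DNS label boundaries so look-alike names are not flagged."""
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in watched)


def find_clients(log_text, watched=WATCHED):
    """Return {client_ip: sorted list of watched names it queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_watched(m.group("name"), watched):
            hits[m.group("client")].add(normalize(m.group("name")))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_clients(SAMPLE_LOG).items()):
        print(f"{client} queried {', '.join(names)}")
```

Each flagged client address can then be mapped to a phone through the router's DHCP lease table and checked for the apps listed at the end of the article.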
Phone number, email and everything copied to the clipboard
Although all of these Android applications use the same rigged SDK, it collects different data from each application, which the researchers were unable to explain. What can be confirmed is that the weather application mentioned above collects much more dangerous data than WiFi Mouse: everything you copy to your phone's clipboard. The clipboard is the memory in which any text you copy is saved so that you can paste it into any application or access it from the keyboard clipboard.
Now can you imagine how dangerous it is for an app to go through and collect everything you copy to this clipboard? For example, passwords or personal data that you do not want to share. Unfortunately, some applications use the Measurement Systems package in this way, as this application does: the team of researchers found a line of code containing “CB”, an abbreviation for Clipboard, which includes a command to collect any text located inside it, as shown in the following picture.
The researchers also observed transmissions of the phone number and email address registered in the operating system. It does not stop there: the application requests location permissions, as a weather application, which means that the user’s geographical location is also collected in addition to the location data based on the router.
It is scary that these Android applications collect this much information. It would be possible to create a database that includes the name, phone number, email and geographical location of each user, and then use that database to run a service that looks up a person’s location history just from a phone number or email address, which could be used to target journalists, opponents or political competitors!
Google is removing some of the apps associated with this bundle, but not all of them
Google has removed a number of applications that use the Measurement Systems SDK from the Google Play Store. However, researchers have warned that these applications will not be automatically deleted from the phones of users who have already downloaded them. A number of other applications have also not been removed from the store yet, because once it was exposed the package stopped collecting data immediately.
Fortunately, the researchers have published the names of all the Android applications that use this suspicious package, and we recommend that you make sure that you do not have any of them on your phone. These applications are:
- Speed Camera Radar
- Al-Moazin Lite (Prayer Times)
- WiFi Mouse (remote control PC)
- QR & Barcode Scanner
- Qibla Compass – Ramadan 2022
- Simple weather & clock widget
- Handcent Next SMS-Text w/ MMS
- Smart Kit 360
- Al Quran Mp3 – 50 Reciters & Translation Audio
- Full Quran MP3 – 50+ Languages & Translation Audio
- Audiosdroid Audio Studio DAW
If you find that you have any of these apps, delete them immediately and change your passwords, especially for accounts that don’t support 2-Step Verification.