Secret data harvesting by popular apps on Google Play Store

A group of researchers from the University of Calgary, discovered a data-harvesting software from a company called Measurement Systems on dozens of apps in the Google Play Store. Apparently, this company has links to US national-security contractors: the Virginia-based Vostrom Holdings Inc., whose Packet Forensics LLC subsidiary works with the federal government on cyber intelligence.

Measurement systems’ software was harvesting user data like location information, email addresses and phone numbers, and was found on apps like Muslim-themed prayer apps with more than 10 million downloads or QR code readers.

It’s a common practice in the app industry to embed a piece of software from a company doing data analytics or location tracking for money, effectively selling user data. It’s a huge market, worth at least a billion dollars. The major issue with this practice is that such pieces of software can behave quite differently from what the companies behind it claim it will.

And this is what happened between the affected apps and Measurement Systems as well. Their software collects location data, even when users turned off the permission for location tracking – which is just the tip of the iceberg, there’s plenty more.

The unusual thing about this case, however, is that users were specifically targeted in countries in Central Europe, the Middle East and Asia – even though user data from the US and Western Europe are known to be the most profitable data. The Wall Street Journal suggests the reason behind this is that it’s countries in these areas the US is particularly interested in – considering security and counter-terrorism concerns, and geopolitical interests.

While Google banned the affected apps from its Play Store after the discovery, it’s just another incident adding to the large pile of big tech’s scandals around data harvesting and leaking. According to the WSJ, there is a gigantic market for user data collected from smartphones, and connected cars and other devices, with the purpose of understanding behavioral patterns, the movement of populations and more. And demand for this data is only rising.

Which brings me back to a blog post I recently wrote on how users are trapped in a cyberspace that exploits their personal data and allows for censorship, hate speech, disinformation, political targeting and surveillance to thrive.

We deserve a fair, equal and safe environment for our digital lives. One that empowers us with digital sovereignty and control over our data. And for such an environment to become a reality, we need an Internet infrastructure that is safe, secure and private by design.

Let’s take charge and build the digital future we want to live in!