Security researchers have identified 11 apps that integrated a software development toolkit (SDK) from a sketchy company gathering a wide range of personal information and data, including location, phone numbers and more.
It's not unusual for Android apps to integrate SDKs, but Google regulates this pretty tightly. Some big companies, including Facebook, used embedded SDKs to gather user data. While the problem has yet to disappear from the Android ecosystem, it's no longer a significant issue.
Nevertheless, some companies still use this practice to gather data. Since Google doesn't condone the collection of user information through SDKs, the developers had to try to cover their tracks via various obfuscation techniques. Nevertheless, they were caught.
Security researchers from AppCensus took a closer look at the apps integrating this SDK and discovered that they all collect private data in some form. Some apps went as far as to gather phone numbers, email addresses, IMEI codes, GPS locations and the routers' SSID (the name of the Wi-Fi network.)
The apps had different implementations of the SDK, and the type of data differed from one to another, but there's a more interesting aspect of AppCensus' discovery.
When the researchers tried to determine when is data going, they hit a wall. After some investigation, they discovered that a Panama-based company named Measurement Systems collected the data. The company builds this SDK and promises money to developers who integrate it into their apps. But the story doesn't end there.
"A further whois on the domain name revealed that measurementsys.com was registered by VOSTROM Holdings, Inc., a Virginia-based company that has also registered Packet Forensics," said the researchers.
According to The World Street Journal, the Virginia-based company is a defense contractor that does cyberintelligence, network-defense, and intelligence-intercept work for US national security agencies.
Google removed the apps integrating Measurement Systems' SDK. Unfortunately, that doesn't stop the company from collecting data from the devices that still have the apps installed.
tags
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
View all postsNovember 14, 2024
September 06, 2024