Google removes Android apps with spyware linked to US security agencies

Google LLC has reportedly removed dozens of apps from the Google Play Store after researchers found they included software for collecting user data for a company with alleged ties to U.S. security agencies.

The Wall Street Journal reported today that spy software found in the apps came from Panamanian company Measurement Systems S. de R.L. The company is said to be linked through corporate records and web registrations to a Virginia defense contractor who does cybersecurity intelligence, network-defense and intelligence-intercept work for U.S. national-security agencies.

The Journal claims that Management Systems paid developers worldwide to incorporate its software development kit into its apps. The SDK allowed the company to collect data from users of those apps. The company told developers that it specifically wanted data from the Middle East, Central and Eastern Europe and Asia.

The code was found inside several Muslim prayer apps that have been downloaded more than 10 million times, a highway-speed-trap detection app and a number of other popular consumer apps. In total, it’s estimated that apps with the spy software were installed on at least 60 million Android devices.

Serge Egelman, a researcher at the International Computer Science Institute and the University of California at Berkeley and Joel Reardon of the University of Calgary discovered the code and informed Google, federal privacy regulators and the Journal.

The two researchers run a mobile app security company called AppCensus. On the AppCensus blog, Reardon goes into more detail.

The software, described by Reardon as “Coulus Coelib,” receives various forms of data from users running apps with the code included. The software collects phone numbers, email addresses, GPS data and details such as phone identification markers.

The Measurement Systems SDK can also collect information stored in a phone’s clipboard, such as passwords, whenever the cut-and-paste feature is used and also has the ability to scan some parts of the phone’s system, including files stored in the WhatsApp downloads folder. WhatsApp is the most popular messaging app in the world.

“A database mapping someone’s actual email…