Following the lead set by Apple, Google has promised to better protect the privacy of people who use Android-powered devices. This means that they are committed to removing apps from the Play Store that violate user privacy or that use sneaky tactics to harvest and resell personal data.
And now Google is taking these promises seriously. Around 15 popular apps were removed from the Play Store after they were found to be collecting personal data without clearly telling the user.
A shady data collection agency
Among the removed apps were a QR code reader, a speed camera detector, a handful of Muslim prayer apps and a weather app. Some of these apps were extremely popular with more 10 million downloads each.
Although the apps functioned as expected, they were also doing a lot more behind the scenes. Security researchers discovered that sensitive data – like the user’s location and unique phone identifier – were being collected secretly and sent to a company based in Panama called Measurement Systems.
Further investigation reveals that Measurement Systems is owned by US defence contractor Vostrom Holdings. This second company carries out cyber-intelligence, network-defense and intelligence-intercept work for US national security agencies. At this point it remains unclear whether the collected personal data was being sent to the US government or not.
The app developers may have made a mistake
The problematic apps all have one thing in a common – a shared API offered by Measurement Systems. An API is a section of code that provides common functions; developers can use APIs to accelerate coding, allowing them to build apps more quickly.
Some APIs are very common – Meta provides one that allows apps to log in with a user’s Facebook account for instance. But behind the scenes, the API also collects data from these apps to be used by Meta for advertising. This data collection has nothing to do with the developers, but it is built into their apps by default.
In the Measurement Systems case, developers relied on the API to help them monetise their apps easily. However most would have been unaware of the secret data collection taking place through their apps.
A positive step for user privacy
The Measurement Systems secret data collection routines are scandalous. However, the fact that Google took swift action to remove these apps from the Play Store as soon as the problem was uncovered is good news. These apps will not be able to steal any more data – or be installed on any other devices – until the problematic API is removed.
The removal of these apps is great news for Android users. Not only does it mean that they are less likely to install shady app, but also that Google is taking their promise to better protect users more seriously. We should look forward to seeing more invasive apps deleted from the Google Play Store in the near future.