Google has removed from its Android store about fifteen applications suspected of collecting personal data from their users on behalf of a subcontractor of the American intelligence services, reveals the the wall street journalWednesday 6 April.
These applications, for some very popular, contained code designed by a Panamanian company, Measurement Systems S. de RL, which presents itself as specializing in the collection of statistics for the creators of applications. According to the investigation of the American daily, the company is actually a subsidiary of Vostrom, a subcontractor of several security services of the United States. An American firm which very probably acted as a relay between the two companies, Measurement Systems S. de RL and Vostrom, was suddenly dissolved after a request for maintenance was sent by the the wall street journal.
According to the computer security company AppCensus, which revealed the existence of this spy code, Measurement Systems could access large amounts of very personal information, including the location or the telephone number of the users of these applications, even, in some cases, to part of the content of certain messaging. In an email to the wall street journalMeasurement systems denied “any connection with US defense contractors or with Volstrom” ; the domain name used by the company was however registered by an employee of Volstrom.
Targets in the Middle East and Iran
Measurement Systems approached several popular application publishers in the Middle East to convince them to use their software, for a fee. Among the applications monitored were several prayer services for Muslims, used in total by more than 10 million people worldwide, a scanner for QR codes and a detector of road radars. Data siphonings had previously been discovered in 2020 and 2021 in Muslim prayer apps, and again the recipient of the data was suspected to be a US security service.
According to internal company documents and testimonials from business partners collected by the the wall street journalMeasurement Systems was specifically looking to collect data from users in the Middle East, Central and Eastern Europe, and Asia. An uncommon practice, publishers of data collection services generally seek first and foremost users from North America and Western Europe, whose data can be resold at a much higher price.
The company’s list of geographies largely overlaps with US intelligence priorities – one application, a weather forecasting service, is particularly popular in Iran.