Add Your VPN Review

Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.

Google Removes Apps for Secretly Copying Phone Numbers

By Will Ellis
Last Updated on January 8, 2024

Google has deleted more than 12 tools from its Play Store after discovering these contain malicious code which was capturing user locations, phone numbers, and also their email addresses.

Entries deleted included a QR code scanner, weather tool, and tools for Islamic prayer.

A few of the entries were downloaded over ten million times by users.

One Google spokesperson said that every app on Google Play needs to comply with their policies, whoever the developer is, according to the BBC.

And that if one of their services goes against a policy, Google undertakes appropriate actions.

Google indeed previously warned certain code-creators that it was important for them to be transparent with users about the data being shared.

What Happened

December 2021, it was reported that entries that failed to comply with Google’s new data policy would be removed from the Play Store which occurred when Huq, one British company which collects location data, said to the BBC that two app partners or more had not been permitted by users.

Researchers say that they found the problem, wherein entries contained a software development kit (SDK) used to send private data to a third party.

This report was published by two university researchers. The report found that one app was a QR code and barcode scanner, both of which had been downloaded over 5 million times – this is the kind of tool you download to use a few times and then forget.

These entries secretly sent users ‘sensitive data, such as their phone’s IMEI code, to a company located in Panama, and also associated with another in North America, Vostrom.

A Wall Street Journal report said there was a link between this firm and the US government organisation through another layer of companies.

Services banned for the illicit theft of user data can request to be reinstated on Google Play Store if the malicious code is removed, the Google spokesperson said.

Most of the banned entries are now available for download once again, but no longer have the SDK.

In December 2021, Google Issued Warning to SDK entries

Location harvesting data can be used in several different ways, for instance evaluating movement on the high street at a specific time

But Google has said app code-creators must be transparent with users about the data they share with Huq, a British company that gives out location data for a fee.

Google has warned that entries that fail to keep in line with this data policy will get banned from its Playstore.

This comes after Huq said to the BBC that more than two app partners had not gone through the correct user permissions. Huq added that the company took data protection “very seriously” and said it believed every collaborator was now compliant.

The system of partnered entries harvesting and sharing data with external clients is under growing observation by regulators and policy-creators worldwide.

Huq currently collaborates with many entries, which include an Islamic prayer service, a flight-tracking tool and a weather tool.

The code-creators for these entries include certain lines of code given by Huq which sends back location data – which Huq then collects and assorts. This data is then sold to other clients, including many UK councils.

However, a post by Vice in October found that many people were unaware that data was being shared when they used these entries.

The firm Huq further admitted to the BBC that over two entries shared data with the firm, without getting the correct permissions from users.

In October, Google implemented a new user-oriented data policy telling entries that they must be transparent about how data they collect is used.

Google released a statement about its investigation, warning that they have told app code-creators that the company is determined to make sure they do not violate Google Play policies.

But Google declined to comment on how many app code-creators received this warning.

According to Huq’s CEO, the company takes the importance of data protection and getting user consent seriously and will proactively keep in line with any initiative needed to make improvements in this area.

Huq claims they believe it is very important to them that they continue to work alongside their partners to ensure privacy by making sure best practices are continuously done.

Apple has also been asked for comments.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related news