Recently, Mobile malware researchers warned about a set of applications available on the Google Play Store that are stealing the private data of users from over 45 million installs of the apps.
The apps consume credentials of the users through a third-party SDK in which it gets access to the users' capture clipboard content (store very sensitive data, such as crypto wallet recovery seeds, passwords, or credit card numbers), email addresses, GPS data, phone numbers, and even the user’s modem router MAC address and network SSID. This sensitive data could lead to significant privacy risks, the researchers said.
The famous and most downloaded app applications to be using this SDK to send sensitive data of users are enlisted below:
• Al-Moazin Lite – 10 million installations (phone number, IMEI, router SSID, router MAC address)
• Speed Camera Radar – 10 million installations (phone number, IMEI, router SSID, router MAC address)
• WiFi Mouse – 10 million installations (router MAC address)
• Qibla Compass Ramadan 2022 – 5 million installations (GPS data, router SSID, router MAC address) • QR & Barcode Scanner – 5 million installations (phone number, email address, IMEI, GPS data, router SSID, router MAC address)
• Handcent Next SMS-Text w/MSS – 1 million installations (email address, IMEI, router SSID, router MAC address)
• Smart Kit 360 – 1 million installations (email address, IMEI, router SSID, router MAC address)
• Simple weather & clock widget – 1 million installations (phone number, IMEI, router SSID, router MAC address)
• Al Quran mp3 – 50 Reciters & Translation Audio – 1 million installations (GPS data, router SSID, router MAC address)
• Audiosdroid Audio Studio DAW – 1 million installations (phone number, IMEI, GPS data, router SSID, router MAC address)
• Full Quran MP3 – 50+ Languages & Translation Audio – 1 million installations (GPS data, router SSID, router MAC address)
In the wake of the security incident, Google removed many applications from the Google Play store after discovering that they contain data harvesting software. Several Muslim prayer apps, a highway-speed-trap detection app, and a QR-code reading app, were installed more than 45 million times, as per the researchers.