Security News > 2022 > April > Google Play pulls sneaky data-harvesting apps with 46m+ downloads

Google pulled a slew of Android apps with more than 46 million downloads from its Google Play Store after security researchers notified the cloud giant that the code contained some sneaky data-harvesting code.

Google removed the apps as of March 25, but said they could be re-listed if they removed the dodgy code to comply with Google Play Store's rules for collecting users' data.

"All apps on Google Play must comply with our policies, regardless of the developer. When we determine an app violates these policies, we take appropriate action," a Google spokesperson told The Register.

"We were contacted in October of 2021 by Security Dynamic about what would correctly be characterized as a general company development environment primarily containing an archival snapshot of public video metadata such as program descriptions and talent bios," a spokesperson said in an email to The Register.

Even in a development environment, this data could pose a security risk as these environments often use the same storage repositories, middleware and infrastructure as live production environments, the threat researchers added.

The security researchers made it clear that they aren't implying any customer or user data was at risk, and they applauded the Fox security team for acting "Fast and professional" to close the exposed database.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/11/in_brief_security/