Over 500 Android apps have been removed from Alphabet Inc (NASDAQ:GOOGL) Google Play store following a discovery that advertising software present in the apps was vulnerable to spyware. The software development kit that was found to be the culprit was Igexin which was created by a company based in China and which is used in targeted advertising services.
To be able to offer targeted advertising services and help app developers generate revenues, Igexin would collect user data in order to determine what ads to serve based on browsing habits and interests. But Igexin’s service had a vulnerability which attackers could exploit and sneak malware in and this was something its creator was not aware of. This vulnerability lay in the fact that the control server of the SDK had been compromised by attackers and was therefore susceptible to delivering malware to handsets.
Intimate user activity
Once the malware was installed on the device, attackers could also obtain user data as well as install other plugins remotely. Some of the plugins could be used in recording call logs and several other user data that is considered revealing and highly intimate.
The software development kit first came to the limelight after being spotted by Lookout, a mobile security firm. Lookout found that the software development kit was active in over 500 apps which had been installed from the Google Play store. While Lookout didn’t say which apps in particular contained the software development kit, the mobile security firm revealed that one of the affected apps was a game that was popular with teenagers and which had been downloaded over 100 million times.
Trusted source
There was also a photo editing app which had been downloaded five million times as well as an internet radio app which had around one million users. Other vulnerable apps include one focused on weather and others in various categories such as travel, fitness, health and education. While this was not the first compromised SDK on Android the difference was that the attackers had exploited an SDK from a trusted source.
On Wednesday shares of Alphabet Inc edged up by 0.23% to close the day at $942.58.