Report: NSA found a way to “hijack” Google Play to install spyware on phones



Well, if you had any doubt that the NSA and national security agencies everywhere didn’t have the capability to treat themselves to your information, perhaps Edward Snowden’s latest leak will change your mind. The rogue ex-intelligence agent leaked another document to the press today detailing a program by the 5-Eyes Alliance (the US, UK, Australia, New Zealand and Canada) called “Irritant Horn.”

The idea — which was discussed at conferences and workshops in Australia and Canada between November 2011 and February 2012 — is that they could intercept the connection that happens between a smartphone and an app store when a user downloads an app, during which time they could drop a “payload,” of sorts, that would likely sneakily install some sort of spyware.

It was more than just an idea, too — the document suggests the agency did find a way to consistently and reliably intercept that connection for both Google Play and the Samsung Apps Store.. Whether they were successful in executing the other half of the strategy (dropping the “payload” and getting it installed without the user’s knowledge) remains to be known, as it’s not clear if any progress has been made on this project since these documents were drafted.

More than just receiving information, the alliance also explored the possibility of altering the information being sent to a device, potentially using misinformation to manipulate criminals, terrorists or anyone else they’d have a reason to spy on.

For what it’s worth, it’s long been revealed that the NSA and other intelligence agencies have developed software that could pull basically any bit of data they want from a phone, but this couldn’t happen unless they could guarantee a way to get the goods onto the phones in question. “Irritant Horn” may just be the last piece they need to complete the puzzle and help themselves to information whether a user likes it (or knows about it) or not.

The report also makes mention of a browser by Chinese search giant Alibaba called UCBrowser. Their studies found that the browser had a security hole that allowed those with the technical know-how to pull an alarming amount of device information from its users.

The 5-Eyes alliance reportedly used the exploit to find out about the possibility of covert operations being carried out by foreign military. It ultimately turns out to be an unrelated tidbit, though the leak and the ease of gaining access to the information supposedly sent good vibes around the offices of the intelligence agencies working on this project.

The Intercept and the CBC have a lot more information to dive into if you’re curious, so be sure to check them out when you can spare a minute. Let us know how you feel about all this straight ahead.

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

If you hurry, you can pick up the LG G Watch for only $50 [DEALS]

Previous article

Google reportedly re-introducing Android-based home platform codenamed Brillo at I/O 2015

Next article

You may also like


  1. OK, when planning a covert military operation, do not use UC Browser.

    Good to know – got it!

  2. so….should I be worried?? I’m not up to anything stupid on my phone….so why worry who is listening or watching. They must be pretty bored by now.


    1. ? It’s public knowledge that Michelle and Barack have fun together, should it be avail for all to see?of caurse not ,it is private even tho it is not a secret?

      1. Guess you missed the “*DELETE DELETE DELETE DELETE, WIPES PHONE*” in there….I was being sarcastic

    2. *click* “click* *click* Hear that JK? They’re on to you!

  3. Not accurate, ucbrowser was offering a newer version of the browser,and that offering was outside of google play,I complained to google about it. Never heard from it again.i guess google will have to encrypt.

  4. So this is actually how Carrier IQ was installed on phones. Remember all the companies stated they had no knowledge of it and I guess had an about face after the NSA got a hold of them and made them “admit” to it?

    1. No, it’s not how Carrie IQ was installed on phones. They came from the carrier that way.

    2. Carrier IQ was pre-installed by carriers, or by manufacturers on behalf of the carriers. Any denials were either covering their tracks or them denying that Carrier IQ could do anything nefarious (it could). Who knows, there could have been backdoors for the NSA in Carrier IQ as well. Either way, how or why would the NSA make the carriers admit anything? The NSA is all about secrecy.

      1. Clearly not since some of their worst projects in the name of “freedom and security” have come to light in the last year or two.

  5. lol

    I’d be more surprised to hear they DIDN’T ‘hijack’ smartphones

    1. Reverse reverse psychology?

  6. And NASA is going to use this for… Space exploration?

    1. I had to remove the comment as spam but I’m leaving your orphaned comment because I am laughing too loud at the idea of NASA spying on us.

      Funniest spam ever!

      1. I think it was a typo and they meant “NSA”. Probably auto-correct on their device or something LOL

        1. Or perhaps the NSA changed the comment to make us all think that person was crazy…or to shift eyes over to NASA! :O

          1. You’re on to something but we’ve missed the obvious evil controlling the NSA controlling the NASA spammer.


            And Skynet is already in space.

            Now the pieces come together and make perfect sense!

  7. Nsa should able to hack windoze any time

    1. Hacking windows?yes,against Ms ?lol.i bet Ms engineer are all waiting to be let loose .dont sweat it can be secure.ask grcdotcom.and he s beenon window for a long while,no anti-virus.hahaha

  8. So is it different now that Lollipop is encrypted? Maybe this among other things played a part in Google’s decision to encrypt.

    1. This has nothing to do with device encryption. They were/are hijacking the connection between the phone and the Play Store.

      BTW, Android supported device encryption long before Lollipop. It was supposed to be on by default in Lollipop, but after it crushed the performance of the N6, nobody else has had it on by default.

      1. Is the connection between google play and the phone not encrypted? Would they still be able to do this if it is?

        1. Not sure… I always assumed it would be encrypted. The source article doesn’t give much details on exactly how the NSA did this. Was it a simple MITM on a unencrypted connection, or did they have to exploit some SSL vulnerability?

Leave a reply

Your email address will not be published. Required fields are marked *

More in News