Google touts its Play Store as being a superior choice over third-party app stores due to various factors, such as how the company reviews apps and has security measures in place to make sure that malware doesn’t get past them. For the most part it works, but every now and then, some malicious apps do get past.
According to a recent report from the Wall Street Journal, Google has reportedly pulled and banned dozens of apps from the Play Store after security researchers over at AppCensus discovered that these apps were harvesting user data without their knowledge.
The affected apps cover a wide category of apps which includes weather apps, QR scanners, prayer apps, highway radar apps, and so on. It turns out that many of these apps used an SDK made by another company who allegedly paid these developers to use their SDK.
The selling point was that not only would they get paid, but the developers would also in turn receive detailed information about their user base, which is valuable information as it could help developers appeal to advertisers using that data, or hone their apps further by catering to their users and their needs.
While the apps have been pulled, the fact that they still exist on the phones of users who downloaded them is worrying, but AppCensus claims that following the publishing of their findings, the SDK had stopped its collection of user data.
Source: Wall Street Journal