Google has removed 20 apps from the Google Play marketplace after learning that they contained code for recording the user’s sensitive information. Though these programs, dubbed “Lipizzan” by Google researchers, were only installed on close to 100 phones, the implications of what could have happened are cause enough for worry.
As reported by Ars Technica, the programmers managed to exploit vulnerabilities to “root” devices running older versions of Android. This allowed the programs to bypass normal security and gain access to information they wouldn’t normally be able to interact with, all without alerting the phone’s owner to what was happening.
After gaining access, the programs were then able to see the data sent, received, and stored through other apps installed on the phone, like Gmail or Messenger. Even apps like WhatsApp, Telegram, and Viber with entirely different encryption programs weren’t safe.
In addition to passive data collection, the apps allowed their creators to record phone calls, VoIP, and any sounds picked up by the phone’s microphone, monitor the owner’s location through GPS, take screenshots and pictures, and fetch user and device information along with stored files. Essentially, anything one did on their phone could be monitored, including where they were and what they looked like.
The apps posed as utilities for cleaning out unwanted files and data backup services, a common ploy by hackers to earn a user’s trust and allow them access to computers without much consideration. Google claims there’s evidence suggesting these apps were created by cyber arms company Equus Technologies, similar to an April incident involving other surveillance apps developed by NSO Group Technologies and the iOS spyware Pegasus.
Thanks to its research conducted while investigating the Pegasus app, Google was able to identify the Lipizzan apps quickly and put a stop to them before more phones were infected. It accomplished this through the Google Play Protect program, a tool that continuously scans a user’s downloaded apps to report if a problem has arisen. In this case, it managed to spot the data stealing and report it to Google.
Prior to this, the developers had already been blocked from uploading their dangerous apps to Google Play. A second set of slightly modified apps appeared soon after, and researchers spotted and blocked those without much issue, too.
If nothing else, this serves as a harsh reminder of why keeping our phones updated and secured is critically important.