The revelation came from two researchers Serge Egelman and Joel Reardon who do auditing work in search of vulnerabilities in Android apps. They discovered the behavior of the piece of code and shared their finding with Google. The code is an SDK which is a Software Development Kit that is implanted on the users’ devices and can be described as malware according to one researcher. The data-harvesting code comes from a Panamanian company that is linked to a Virginia defense contractor through web registrations and corporate records. This contractor does the network defense and cyber intelligence work for U.S. national security agencies. The Panamanian company, Measurement systems’ pays developers worldwide to incorporate the software development kits into famous consumer apps. The code had been implanted in many apps and ran on many android devices and is found in many famous Muslim prayer apps that have been downloaded more than 10 million times and also in many consumer apps including a QR-code reading app and speed trap detection app. The code once is implanted on the user’s device, the SDK-laced programs steal personal data from the devices like phone numbers, location, and email addresses. Google removed the apps containing the Measurement Systems’ software from the Google play store. However, the app will be relisted again on the play store if the offending software is removed and the app comes out clean. The affected apps are trying to get rid of the code and get back on the Google platform. Also Read: Muslims Across the Globe Applauded Snapchat’s Live Stream of Ramadan Prayers in Mecca
