Google pulls apps that may have harvested data from millions of Android devices

Google has pulled dozens of apps used by millions of users after finding that they covertly harvested data, The Wall Street Journal has reported. Researchers found weather apps, highway radar apps, QR scanners, prayer apps and others containing code that could harvest a user’s precise location, email, phone numbers and more. It was made by Measurement Systems, a company that’s reportedly linked to a Virginia defense contractor that does cyber-intelligence and more for US national-security agencies. It has denied the allegations.

The code was discovered by researchers Serge Egelman from UC Berkeley and the University of Calgary’s Joel Reardon, who disclosed their findings to federal regulators and Google. It can “without a doubt be described as malware,” Egelman told the WSJ

Measurement Systems reportedly paid developers to add their software development kits (SDKs) to apps. The developers would not only be paid, but receive detailed information about their user base. The SDK was present on apps downloaded to at least 60 million mobile devices. One app developer said it was told that the code was collecting data on behalf of ISPs along with financial service and energy companies. Measurement Systems also said it wanted data mainly from the Middle East, Central and Eastern Europe and Asia. 

“A database mapping someone’s actual email and phone number to their precise GPS location history is particularly frightening, as it could easily be used to run a service to look up a person’s location history just by knowing their phone number or email, which could be used to target journalists, dissidents, or political rivals,” Reardon said in the AppCensus research blog.

Though Google has pulled those apps from the Play Store, the researchers noted that they still exist on millions of devices. At the same time, they found that the SDK stopped collecting user data after their findings were revealed.

The Measurement Systems domain was registered by a company called Volstrom Holdings Inc., which deals with the federal government through a subsidiary called Packet Forensics LLC. A company called Measurement Systems S de R.L. “also listed two holding companies as officers, both of which share a Sterling, Va., address with people affiliated with Volstrom,” the WSJ noted. 

In a statement, Measurement Systems told the WSJ by email that “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defense contractors nor are we aware of… a company called Vostrom. We are also unclear about what Packet Forensics is or how it relates to our company.”

Lenovo 為台灣帶來 Tab P12 Pro、Tab P11 5G 及 Yoga Tab 11 三款新平板

Lenovo 今天在台灣發表了三款 Android 平板「新品」,不過雖然說是新品,其實好像都已經是去年的東西了,一直到現在才在台灣上市。這包括了 Tab P12 Pro、Tab P11 5G、以及 Yoga Tab 11。

‘Mario Golf’ will join Nintendo’s Switch Online Expansion Pack on April 15th

You can already play Mario Golf on the Switch thanks to Super Rush, but soon you’ll also be able to play the original game that started the series if you’re feeling nostalgic. Nintendo is giving Switch Online subscribers paying extra for the Expansion Pack tier access to the first Mario Golf published in 1999. 

The Nintendo 64 game lets you choose from characters that include Mario, his friends and allies, as well as his enemies, and play golf on Mario-themed courses. It has several gameplay modes, such as Tournament, Speed Golf and Mini Golf, though it was developed to be easy to play, even for kids. 

Nintendo launched the Switch Online Expansion Pack in October 2021 as a higher tier subscription that costs $50 a year. That’s $30 more than an individual basic subscription, but it will give you access to classic N64 and Sega Genesis games. The basic subscription only includes access to Nintendo’s NES and SNES titles. 

While the gaming giant launched the service with a limited number of games, it has added quite a few more since then. They include the original Paper Mario, Banjo-Kazooie and The Legend of Zelda: Majora’s Mask. Nintendo has also rolled out some improvement updates that fix several emulation issues plaguing the service since its debut, such as bad input lag.

The original Mario Golf will be available to Expansion Pack members on April 15th. 

The SEC is reportedly investigating Amazon over its use of third-party seller data

Back in 2020, a Wall Street Journal report revealed that Amazon employees routinely used data collected from third-party sellers to launch competing products for the company’s private-label business. The US Congress is already investigating the e-commerce giant over that practice, and according to The Journal, so is the Securities and Exchange Commission. Apparently, the SEC is looking into how Amazon disclosed its business practices, including how its employees used data for its private-label brands

As The Journal notes, the SEC is in charge of regulating how publicly traded companies communicate with their investors. It can impose fines and other enforcement actions against them if it finds that they had failed to disclose important business information to investors in a timely manner. As part of the probe, which has reportedly been underway for over a year now, the SEC asked for emails and other communications from several senior Amazon executives.

After the original report from The Journal came out, Amazon denied that it uses third-party seller data to launch competing products. It launched an internal investigation of its private-label division, but it refused to provide Congress a copy of its results. Last month, the House Judiciary Committee asked the Department of Justice to launch another investigation into Amazon over a possible criminal obstruction

The committee said back then that the company refused to turn over business documents and communications “to conceal the truth about its use of third-party sellers’ data to advantage its private-label business and its preferencing of private-label products in search results.” As you’d expect, an Amazon spokesperson denied that’s the case and referenced the “huge volume of information [the company has] provided over several years of good-faith cooperation with this investigation.”