The NSA and other agencies planned on injecting malware into smartphones through Google Play Store

BY

Published 21 May 2015

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

Google Play logo

Security on our smartphones and tablets, the devices that hold plenty of attention about us, is an incredibly hot topic as of late.

With programs from a variety of agencies and organizations built to track, mine and otherwise store data collected from mobile devices, especially our smartphones, it’s a conversation that will not go away for quite some time. Now, a new topic has been revealed, with documents revealed by Edward Snowden, that showcases plans for the National Security Agency (NSA) and Five Eyes Allies (organizations in Australia, New Zealand, Canada, and the United Kingdom) to essentially hijack the Google Play Store to inject malicious software on smartphones and tablets that download apps from the digital storefront.

Tests were run in Australia back in 2011 and 2012 that saw the agencies trying to get the system to work, as well as developing other methods to inject the software onto the phones, according to a report published recently by The Intercept:

The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google.

The program was called Irritant Horn, and it was just one of many that these agencies planned on implementing to track and mine data from mobile devices. The idea was to gather the information without the user being aware that the syphon was even taking place, and one way to do that would be to infect the apps that many believe to be safe, considering they are downloading them from the Google Play Store.

As it stands right now, though, the security implementations that Google has in place within the Google Play Store right now suggest that this same methodology from these agencies doesn’t work, and shouldn’t work moving forward. So, Android users should feel safe enough installing apps from the Google Play Store.

[via The Intercept]