{"id":46143,"date":"2022-04-11T11:01:11","date_gmt":"2022-04-11T11:01:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/"},"modified":"2022-04-11T11:01:11","modified_gmt":"2022-04-11T11:01:11","slug":"google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/","title":{"rendered":"Google Play pulls sneaky data-harvesting apps with 46m+ downloads"},"content":{"rendered":"<p><span class=\"label\">In brief<\/span> Google pulled a slew of Android apps with more than 46 million downloads from its Google Play Store after security researchers notified the cloud giant that the code contained some sneaky data-harvesting code.<\/p>\n<p>Apps included a speed camera radar, several Muslim prayer apps, a QR scanner, a WiFi mouse tool, a weather app and others.&nbsp;<\/p>\n<p>A Panama-based company Measurement Systems developed the code, according to AppCensus co-founder Joel Reardon, whose mobile app testing firm discovered the overly nosy software, reported it to Google, and published <a href=\"https:\/\/blog.appcensus.io\/2022\/04\/06\/the-curious-case-of-coulus-coelib\/\" rel=\"nofollow\">research<\/a> about how it works.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>According to the <em>Wall Street Journal<\/em>, which first <a href=\"https:\/\/www.wsj.com\/articles\/apps-with-hidden-data-harvesting-software-are-banned-by-google-11649261181?mod=djemalertNEWS\" rel=\"nofollow\">reported<\/a> the story, Measurement Systems has ties to a Virginia defense contractor that does cyber-intelligence, network-defense and intelligence-intercept work for US national security agencies.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Google removed the apps as of March 25, but said they could be re-listed if they removed the dodgy code to comply with Google Play Store&#8217;s rules for collecting users&#8217; data. Some of the apps did this, and were already back for sale as of April 6.<\/p>\n<p>&#8220;All apps on Google Play must comply with our policies, regardless of the developer. When we determine an app violates these policies, we take appropriate action,&#8221; a Google spokesperson told <em>The Register<\/em>.&nbsp;&nbsp;<\/p>\n<h3 class=\"crosshead\"> <span>Infosec folk spot open Fox News database<\/span><br \/>\n<\/h3>\n<p>Fox News said it has secured an open database after bug hunters at Security Discovery alerted the news organization about the security incident waiting to happen.<\/p>\n<p>For its part, Fox News said the open database was in a development environment, not a live, production environment, and that no customer records were exposed.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;We were contacted in October of 2021 by Security Dynamic about what would correctly be characterized as a general company development environment primarily containing an archival snapshot of public video metadata such as program descriptions and talent bios,&#8221; a spokesperson said in an email to <em>The Register<\/em>.&nbsp;<\/p>\n<p>&#8220;Additionally, there was a list of business email addresses as well as URLs, other ID&#8217;s and environments that were no longer in use at the time of discovery,&#8221; the statement continued. &#8220;This environment did not service any Fox News applications or systems. The database was secured within hours following the receipt of the report from Security Dynamic in accordance with our responsible disclosure policy.&#8221;<\/p>\n<p>Security Discovery co-founder Jeremiah Fowler, working with the research team at website building info firm Website Planet, discovered the non-password protected database. They said the 58GB dataset contained almost 13 million records that spanned storage information, internal emails, usernames, employee ID numbers and affiliate station information.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;One folder contained 65k names of celebrities, cast and production crew members and their internal FOX ID reference numbers,&#8221; the threat researchers <a href=\"https:\/\/www.websiteplanet.com\/blog\/foxnews-leak-report\/\" rel=\"nofollow\">wrote<\/a>. &#8220;The records also captured a wide range of data points including event logging, host names, host account numbers, IP addresses, interface, device data, and much more.&#8221;<\/p>\n<p>Despite Fox News&#8217; assurances that this was a test environment, Fowler and friends noted that many records were labeled &#8220;prod,&#8221; which is typically an abbreviation for production records.&nbsp;<\/p>\n<p>But even in a development environment, this data could pose a security risk as these environments often use the same storage repositories, middleware and infrastructure as live production environments, the threat researchers added.<\/p>\n<p>Additionally, the security researchers made it clear that they aren&#8217;t implying any customer or user data was at risk, and they applauded the Fox security team for acting &#8220;fast and professional&#8221; to close the exposed database. Still, &#8220;any non-password protected database could potentially allow someone to insert malicious code into the network,&#8221; they noted.&nbsp;<\/p>\n<h3 class=\"crosshead\"> <span>Autodesk patches high-severity bugs<\/span><br \/>\n<\/h3>\n<p>Autodesk has <a href=\"https:\/\/www.autodesk.com\/trust\/security-advisories\/adsk-sa-2022-0004\" rel=\"nofollow\">patched<\/a> multiple high-severity vulnerabilities that, if exploited, could allow attackers to run any malicious code on infected machines and steal sensitive information.&nbsp;<\/p>\n<p>Security firm Fortinet&#8217;s threat research team <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/fortinet-security-researchers-discover-multiple-vulnerabilities-in-autodesk-products-dwg-trueview-navisworks-and-design-review\" rel=\"nofollow\">discovered<\/a> the bugs, which affect Autodesk&#8217;s &nbsp;DWG TrueView, Design Review and Navisworks, and reported them to the software provider. Its research team also provided a run-down of all seven vulns.<\/p>\n<p>Both companies urge users to apply the patches ASAP.<\/p>\n<p>The first five bugs, CVE-2022-27525, CVE-2021-40167, CVE-2022-27526, CVE-2022-27527 and CVE-2022-25797, are memory corruption vulnerabilities.&nbsp;<\/p>\n<p><a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-084\" rel=\"nofollow\">CVE-2022-27525<\/a> affects Autodesk Design Review. It&#8217;s caused by a malformed Design Web Format (DWF) file, &#8220;which causes an out-of-bounds memory write due to an improper bounds check,&#8221; Fortinet explained.<\/p>\n<p>If exploited, this bug can allow cybercriminals to execute arbitrary, malicious code via a specially crafted DWF file.&nbsp;<\/p>\n<p><a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-085\" rel=\"nofollow\">CVE-2021-40167<\/a> affects the same product and is also caused by a buggy DWF file. It could allow an attacker to leak memory within the context of the application.<\/p>\n<p><a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-086\" rel=\"nofollow\">CVE-2022-27526<\/a>, which could also be exploited to leak memory, affects Autodesk&#8217;s Design Review product. A malformed Truevision (TGA) file causes this bug. Specifically, the TGA file &#8220;causes an out-of-bounds memory access, due to improper bounds checking when manipulating a pointer to an allocated buffer,&#8221; Fortinet said.<\/p>\n<p><a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-088\" rel=\"nofollow\">CVE-2022-27527<\/a> effects Autodesk Navisworks. It&#8217;s caused by a malformed PDF file, which also leads to out-of-bounds memory access.<\/p>\n<p>The fifth memory corruption bug, <a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-090\" rel=\"nofollow\">CVE-2022-25797<\/a>, caused by a malformed DWG file, affects DWG Trueview and could allow a criminal to execute arbitrary code using a crafted DWG file.<\/p>\n<p><a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-064\" rel=\"nofollow\">CVE-2022-27523<\/a>, a buffer over-read vulnerability in Autodesk DWG TrueView, could allow a remote attacker to leak sensitive data using a malicious DWG file.<\/p>\n<p>And finally <a href=\"https:\/\/fortiguard.com\/zeroday\/FG-VD-21-065\" rel=\"nofollow\">CVE-2022-27524<\/a>, is an out-of-bounds vuln in DWG TrueView that could be exploited to leak sensitive data.<\/p>\n<h3 class=\"crosshead\"> <span>CISA, D-Link urge end-of-life router retirement<\/span><br \/>\n<\/h3>\n<p>CISA has advised anyone using certain older D-Link routers to take them offline before miscreants find and exploit a critical remote control execution vulnerability.<\/p>\n<p>On Monday, CISA <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" rel=\"nofollow\">added<\/a> the RCE bug, dubbed <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-45382\" rel=\"nofollow\">CVE-2021-45382<\/a>, to its catalog of known exploited vulnerabilities. It exists in all series H\/W revisions D-Link DIR-810L, DIR-820L\/LW, DIR-826L, DIR-830L, and DIR-836L routers via the dynamic domain name system (DDNS) function in the ncc2 binary file.<\/p>\n<p>The ncc2 service allows for some firmware and language file upgrades via the web interface. But as Malwarebytes Labs researcher Pieter Arntz <a href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/04\/cisa-advises-d-link-users-to-take-vulnerable-routers-offline\/\" rel=\"nofollow\">explained<\/a>, &#8220;the ncc2 service on the affected devices appears to have been shipped with a number of diagnostic hooks available.&#8221;<\/p>\n<p>If exploited, this would allow an attacker to call these hooks without authentication. &#8220;These files appear to be rendered when queried and can be used to both interrogate the given device for information, as well as enable diagnostic services on demand,&#8221; he added.&nbsp;<\/p>\n<p>The software bug received a 9.8 CVSS score, which means it&#8217;s critical that users address it immediately. But because the affected routers are end-of-life, D-Link isn&#8217;t issuing any patches for the vulnerable devices.&nbsp;<\/p>\n<p>Both CISA and <a href=\"https:\/\/supportannouncement.us.dlink.com\/announcement\/publication.aspx?name=SAP10264\" rel=\"nofollow\">D-Link<\/a> suggest that you retire these models ASAP, before a cyber criminal finds the vuln.<\/p>\n<p>And if you still aren&#8217;t convinced, there&#8217;s a proof-of-concept on <a href=\"https:\/\/github.com\/doudoudedi\/D-LINK_Command_Injection1\/blob\/main\/D-LINK_Command_injection.md\" rel=\"nofollow\">GitHub<\/a>, which makes it really easy for any evil doers to remotely take over the vulnerable devices and then execute malicious code.<\/p>\n<h3 class=\"crosshead\"> <span>Cybercriminals still exploiting Spring4Shell<\/span><br \/>\n<\/h3>\n<p>Miscreants continue to exploit the Java Spring framework remote code execution vulnerability a week after security researchers <a href=\"https:\/\/www.theregister.com\/2022\/03\/31\/spring_vuln\/\">discovered<\/a> the nasty software bug.<\/p>\n<p>A week after the initial outbreak, Check Point Research said it&#8217;s seen about <a href=\"https:\/\/blog.checkpoint.com\/2022\/04\/05\/16-of-organizations-worldwide-impacted-by-spring4shell-zero-day-vulnerability-exploitation-attempts-since-outbreak\/\" rel=\"nofollow\">37,000 attempts<\/a> to allocate the vulnerability, dubbed &#8220;Spring4Shell.&#8221;<\/p>\n<p>While organizations around the globe have been affected by the bug, Europe was the hardest hit, according to the security shop.&nbsp;<\/p>\n<p>In the first four days after post discovery, 16 percent of orgs worldwide experienced exploitation attempts. But in Europe, that number jumped to 20 percent. Australia and New Zealand ranked second, at 17 percent, followed by Africa (16 percent), Asia (15 percent), Latin Americas (13 percent) and North America (11 percent).<\/p>\n<p>Perhaps unsurprisingly, the software vendor industry felt the most pain from Spring4Shell.&nbsp; According to Check Point, 28 percent of companies in this sector were impacted by the vulnerability. Education and research orgs were the second-most affected, with 26 percent impacted. And insurance\/legal, ISPs\/MSPs, and finance\/banking institutions tied for third place at 25 percent.<\/p>\n<p>While noting its own CloudGuard AppSec customers were not vulnerable, &#8220;If your organization is using Java Spring and not using CloudGuard AppSec, immediately review your software and update to the latest versions by following the official Spring project guidance,&#8221; the security firm advised. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/04\/11\/in_brief_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: Fox News learns to use database passwords, Autodesk patches high-severity bugs, and CISA says retire old D-Link routers In brief\u00a0 Google pulled a slew of Android apps with more than 46 million downloads from its Google Play Store after security researchers notified the cloud giant that the code contained some sneaky data-harvesting code.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-46143","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Google Play pulls sneaky data-harvesting apps with 46m+ downloads 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google Play pulls sneaky data-harvesting apps with 46m+ downloads 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-11T11:01:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Google Play pulls sneaky data-harvesting apps with 46m+ downloads\",\"datePublished\":\"2022-04-11T11:01:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/\"},\"wordCount\":1386,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/\",\"name\":\"Google Play pulls sneaky data-harvesting apps with 46m+ downloads 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-04-11T11:01:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Google Play pulls sneaky data-harvesting apps with 46m+ downloads\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Google Play pulls sneaky data-harvesting apps with 46m+ downloads 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/","og_locale":"en_US","og_type":"article","og_title":"Google Play pulls sneaky data-harvesting apps with 46m+ downloads 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-04-11T11:01:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Google Play pulls sneaky data-harvesting apps with 46m+ downloads","datePublished":"2022-04-11T11:01:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/"},"wordCount":1386,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/","url":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/","name":"Google Play pulls sneaky data-harvesting apps with 46m+ downloads 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-04-11T11:01:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YlQPnZiRTOi41OgxFbEfbgAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/google-play-pulls-sneaky-data-harvesting-apps-with-46m-downloads\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Google Play pulls sneaky data-harvesting apps with 46m+ downloads"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46143"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46143\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}