In light of the latest news of the AccuWeather app that is reportedly collecting data on iOS users in secret: Just across the digital pond, Google recently removed more than 500 Android apps from the Play Store for similar reasons.
According to a report by the International Business Times, the 500 Android apps that were removed were discovered to have advertising software used by the affected apps that could easily be exploited and used to install spyware on unsuspecting Android handsets.
The software development kit (SDK) used to develop the apps is a Chinese-made SDK known as Igexin. The SDK is known to perform targeted advertising services, but is extremely vulnerable to attacks by hackers or programmers looking to sneak malware on to a device.
Igexin’s primary purpose was to help developer create advertisements for users of certain apps, and from there, help the app maker generate some revenue from the program. Unfortunately, and unbeknownst to the creators of Igexin, the SDK’s control server was compromised by attackers and used to deliver malware to device.
“While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience,” Lookout security engineers Adam Bauer and Christoph Hebeisen said in their report about Igexin.