The Research
A recent investigation by researchers from the mobile software security company Lookout revealed that a SDK (Software Development Kit) that has been implemented within over 500 mobile applications has been gathering personal data from the users and to the developers of the said SDK. The company that has developed the kit is a Chinese one known under the name of Igexin. What was found during the carried out investigation is Igexin was using the SDK’s legitimate functions to issue illegal and undesirable commands via the apps which had the kit embedded inside them. This remote control of the said apps was done in secrecy from the users and researchers allowing the developers of the SDK to obtain personal data on the users without being authorized to do so. Basically, when an user installs such an app, they give different permissions to the application – due to those installation permissions, the developers at Igexin were able to exploit the said apps and use them for their own gain. In most instances, the acquired data was call logs from the targeted device. Here, it must be noted that the applications itself that had the SDK were legitimate and their developers are said to have been unaware of the malicious use of the kit.
Apps temporarily taken down from Google Store
After the research has been carried out and the results were clear, Lookout contacted Google as well as the creators of the apps that contained Igexin’s SDK, informing them about what has been found out. The applications were temporarily removed from the store by Google. Once new updates were issued on the applications that would remove the SDK, the apps would be restored and made available again in Google Store. No list of the applications is available since the researchers at Lookout believe that the their creators are not to be blamed for the unpleasant occurrence. That said, it has been mentioned that most of the apps which included the SDK belonged to either of the following groups: mobile games, weather forecast apps, online radio, image editors, certain camera apps, etc. Since those applications have been removed from the store until they get updated, there should be no danger of downloading anything that has the unwanted software development kit.
Unauthorized data gathering
Note that this isn’t the first instance of something like this happening. Normally, in most cases, this sort of unauthorized data collection shouldn’t be that harmful to the regular user. That being said, any application or other form of software which might do something that it isn’t supposed to or hasn’t been allowed by the user to, ought to be considered potentially unwanted and hazardous. Even if something illegal and illegitimate does not directly threaten your virtual security at the moment, there might come a time when it could actually grow into an actual problem which is why you must always be careful with what software you download and install on your smartphone or computer.
