Google removed a number of apps from the Play Store after it discovered they contained malicious code that harvested users’ phone numbers, email addresses and locations.
Among the apps are a QR code scanner, a weather app, and some Muslim prayer apps. According to Google, some of them have been downloaded over 10 million times. .
The app secretly transferred users’ personal data, including their phone’s unique IMEI number, to Measurement Systems in Panama, which was linked to Vostrom Holdings in Virginia, USA.
Read: After Twitter, Nigeria threatens to suspend more social media apps if they promote division
“All apps on Google Play must follow our policies, regardless of developer. Where we determine an app violates these policies, we take appropriate action,” a Google spokesperson told the BBC.
Google has previously said that all apps should be clear about the data collected from users. The tech giant announced in December 2021 that any apps that violate its data policy risk being banned from the Play Store.
Read: Google takes on Windows with new version of Chrome OS for older PCs and Macs
Researchers who discovered the problem said the apps contained a software development kit (SDK) that sent private data to a third party.
According to a Google spokeswoman, apps that have been banned for illegally capturing user data can apply to be reinstated in the Google Play Store provided the offending code is removed.
The majority of the offending apps are now available for download as long as they don’t have the SDK.