Android apps with 45 million installs used data harvesting SDK


Level 37
Thread author
Top Poster
Feb 4, 2016
Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps.
The apps collected this data through a third-party SDK that includes the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even the user's modem router MAC address and network SSID.

This sensitive data could lead to significant privacy risks for the users if misused or leaked due to poor server/database security.
Furthermore, clipboard contents could potentially include very sensitive information, including crypto wallet recovery seeds, passwords, or credit card numbers, which should not be stored in a third-party database.

According to AppCensus, who discovered the use of this SDK, the collected data is bundled and transmitted by the SDK to the domain "," which appears to be owned by a Panama-based analytics firm named Measurement Systems.


Level 69
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
From that article:
Apps using this SDK
The most popular and downloaded applications found to be using this SDK to send sensitive user data are the following:
It’s important to note that all of these apps were reported to Google on October 20, 2021, and were subsequently investigated and removed from the Play Store.

However, their publishers managed to reintroduce them on the Play Store after removing the data-harvesting SDK and submitting new, updated versions to Google for review.

If users installed the apps on a previous date, though, the SDK would still be running on their smartphones, so removal and re-installation would be advised in this case.

Unfortunately, as data collection libraries quietly run in the background collecting data, it's difficult for users to protect themselves from them. Therefore, it is advised that you only install apps from trustworthy developers who have a long history of highly reviewed apps.

Another good practice is to keep the number of apps installed on your device at the minimum necessary and ensure that the permissions requested are not overly broad.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.