Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps.
The apps collected this data through a third-party SDK that includes the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even the user's modem router MAC address and network SSID.
This sensitive data could lead to significant privacy risks for the users if misused or leaked due to poor server/database security.
Furthermore, clipboard contents could potentially include very sensitive information, including crypto wallet recovery seeds, passwords, or credit card numbers, which should not be stored in a third-party database.
According to AppCensus, who discovered the use of this SDK, the collected data is bundled and transmitted by the SDK to the domain "mobile.measurelib.com," which appears to be owned by a Panama-based analytics firm named Measurement Systems.