Home Security Mobile Google Play Almost Compromised by Intelligence Agencies

Google Play Almost Compromised by Intelligence Agencies


Recently, CBC News and The Intercept revealed that the U.S. and the “Five Eyes,” a collection of the country’s Western allies, planned a massive hack of its citizens’ smartphones. The plan was to infect Google and Samsung app store links with spyware in order to target people with misinformation. The news outlets stated that Edward Snowden’s NSA leaks corroborated these claims.

The leaks also revealed that UC Browser, which is specific to mobile devices, was targeted late in 2011 by these same entities. This was found to be true based on a huge data breach of users’ data. This particular browser is available on iOS, Android, Blackberry, Windows mobile, Symbian, and Java ME.

UC browser for Android screenshot

UC Browser is currently owned by Alibaba, a Chinese-based e-commerce website. It dominates the market at 13%, and according to Sitepoint, this makes it the world’s most-used mobile browser.

UC Browser has over 500 million users in mostly China and India, with a growing number in the surrounding regions. Just recently, it partnered up with Facebook to provide push notifications within the browser app.

Targeting foreign users?

The operation was apparently developed to possibly prevent another Arab Spring. The intelligence agencies collaborating with each other had an agreement to keep the spying to certain targets in Africa with Muslim populations. This included countries like the Sudan, Congo, and Senegal. However, the Google and Samsung app store servers were located in completely different areas, including Switzerland, France, Morocco, the Netherlands, Russia, the Bahamas, and Cuba.

It was then revealed that one of those countries’ covert military communications pertaining to its Western operations were conducted via UC Browser. However, Dave Bullas of Stealthbits firmly stated that though spying on Western countries has not yet been revealed, the public should not blindly trust that the intelligence agencies won’t use the same techniques to spy on their own people. According to Bullas, any decent developer would suggest utilizing a tool like this in a sort of test run first before applying it in another case.

As of now, it’s unclear whether the Five Eyes have used the cyberattacks as a test run in anticipation for a larger effort, but Bullas is confident that these agencies would have no qualms about using it on its own citizens.

The workings of the Five Eyes’ operation

Protester holding 'stop the NSA spying' sign
Image credit: “Protest against NSA surveillance” by Fibonacci Blue, used under CC BY / Slight color filters added, image cropped

In late 2011 to early 2012, the Five Eyes held multiple workshops in order to discuss how to use modern smartphone technology to spy on individuals. The Intercept revealed that the Xkeyscore system, originally developed by the NSA, can track smartphone traffic via links to Google and Samsung app store servers.

The initial operation, called “Irritant Horn,” was carried out by placing spyware within links in the app stores to hijack specifically targeted smartphones and hack the data. It was also reported that the Five Eyes planned an extensive mission to utilize their technology to collect personally identifying data through the same app servers.

The need to assess the possibilities

Robert Enderle of the Enderle Group stresses that the public must be aware of the staggering possibilities this technique might lead to. He told that although the intelligence agencies have an agreement not to snoop in each other’s territories, they are not impenetrable to outside hackers that might utilize the same technology for their own gain. Once the technology is leaked or stolen, the methods of spying and compromising smartphone users’ data can spread worldwide.

We might become our worst enemy

The citizens of the U.S. and cooperating Five Eyes may become targets themselves. U.S. government entities have been fighting against mobile user privacy for years. For example, FBI director James Comey has proposed encryption backdoors in mobile systems, while the CIA has actively tried to hack iOS.

The motive behind these requests are to monitor potential criminal activity, but if these agencies were to be given access to certain backchannels, they would be putting millions of citizens at risk. The problem would not only be restricted to online data, as having user information could lead to identity theft, burglary, illegal stalking, and violence.

Enderle spoke at length about the risks such a wide range of access might entail, pointing out that there was something seriously wrong with the picture if the law enforcement agencies began to behave like the criminals they are supposed to catch.

A solution to this concerning report

This revelation only further promotes the widespread paranoia most internet users today have concerning their online privacy. It’s scary to think that the methods our governments utilize to try and keep us safe might just end up making things worse, and seeing as so much of our lives are spent online, it’s extremely concerning to realize that what we do on the internet isn’t exactly private.

At this point, there’s not much you can do to prevent prying eyes from looking in on your online activities. In fact, there might only be two options a regular internet user could choose to keep him or herself completely safe. One is that you simply limit your online activities to the bare minimum. Unfortunately, that’s next to impossible these days.

PureVPN logo on world digital map

The other option you have is to obtain a VPN subscription. These Virtual Private Networks allow you to access the internet in complete privacy by assigning new IP addresses and forwarding all online content through their private and highly-encrypted servers.

Secured network providers like PureVPN offer online anonymity on virtually any device, including PC, Mac, iOS, Android, etc. Using one would allow you to freely browse the internet and access any content without worrying about any government agencies looking in on your activities.

The great news is that services like PureVPN offer fast connections at competitive prices. With top-notch encryptions and excellent software, you’ll be safe from people like the Five Eyes.

To learn more about PureVPN, you can read our in-depth review here.