You just purchased a brand new swanking Android smart phone with Google Play, congratulations! Unless you’re a model citizen with nothing to hide, you might want to think twice before downloading anything from Google’s app store. Gone are the days when suspicious persons break into homes and install bugs into handsets. Thanks to technology, bugging is done en masse. According to the latest leaked documents from Edward Snowden, the National Security Agency apparently hijacked Google Play in order to distribute spy software into Android phones. As if we already didn’t have enough malware. The bug is basically harmless but if you’re worried, consider downloading from other Android app stores, if they haven’t been bugged already.
Even after spending months in exile in Russia, Edward Snowden remains relevant. In his latest leak to the press, the NSA had a program codenamed Irritant Horn that goes as far back as 2011, which aims to use Google’s Android Market (what Google Play was called back then) to distribute malware to track specific targets (by bugging en masse). The program’s foremost use was to spy on African countries such as Congo, Sudan and Senegal in order to watch out for surprises such as the Arab Spring last 2010 which by now eventually resulted in the rise of ISIS. The program of course aims to track and collect data on suspected terrorists and other persons of interest. The program also aims to somehow send misinformation to its targets, to send propaganda. According to the document, this is actually a joint effort by the NSA and its counterparts in the UK, Australia, Canada and New Zealand, collectively known as the Five Eyes. The malware would be spread in the local app store servers used by the target countries but knowing the NSA, the malware would be present in the countries’ respective citizens as well.
The program works as a man-in-the-middle by running between Google Play and the users’ smartphone and introduce the malware as a separate but invisible app or an altered update to popular social media apps. With Android phones having the largest market share for smartphones, it’s logical for the NSA to hijack Google Play. Since the plot dates back to 2011, and if implemented, Google Play might not be the only app store compromised. Not to be an alarmist, but the Apple App Store and Windows Store could be bugged already as well as 3rd party Android app distributors. Your old favorite phone could be bugged already. The attack is subtle and would hardly be noticed by users. Without the leak, no one but the best computer professionals would be aware of it.
It’s been a long time since 2011 and it’s unknown whether this program has been implemented or not. If so, how do we know we’ve been bugged? We don’t. We can only be sure if your smartphone is brand new, has not been to any app store or is older than 4 years like my trusty Palm Treo or a more secure Blackberry. Also, if your phone employs encryption, you can’t easily be tracked or snooped on.
Speaking of encryption, the FBI and other agencies have been urging Microsoft, Google and Apple to keep encryption to a minimum on mobile devices which actually goes against the necessity of making communication devices as secure as possible. If government institutions did implement such an absurdity first, you get Wikileaks, more terrorist attacks and a personal call from the Mandarin. The tech companies mentioned meanwhile are urging the government to accept encryption and make necessary changes.
Google and the NSA both declined to comment about the latest from Edward Snowden. Whether irritated and horny smartphones really exist, we’re not sure. But if you want a smartphone and stay secure and bug free, I’ll put up my Treo on eBay but I won’t negotiate with terrorists.