Apps have become one of the most important parts of our mobile devices. If we need something and it can be handled from a smartphone or tablet, an app is usually the way to get it done. So for the NSA and other agencies around the world, infecting those apps so many people download apparently seemed like an easy way to get access to information on those devices.
According to a report published by The Intercept, the U.S.-based National Security Agency (NSA), along with the agency’s Five Eyes allies (entities in New Zealand, Canada, the United Kingdom and Australia), sought to infect applications available within the Google Play store, Samsung’s own app store and other digital app-focused storefronts with malware. The goal was to access the information found on those handsets without the user knowing anything was happening behind the scenes.
According to the report, tests were run back in 2011 and 2012 as part of a program entitled Irritant Horn. Those tests were designed to find out if infecting the apps would gain the information they were seeking, as well as determine if other methods could be utilized to gain the same results.
The document, which was shared by Edward Snowden, and followed up with a report from The Intercept, outlines that the program was meant to determine how smartphones could be used for surveillance:
“The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google.“
As it stands right now, the Google Play Store has several separate security measures to make sure that this type of behavior cannot actually be implemented.