Spy Agencies Target Links to Google Mobile App Stores, Reports Claim | eWeek

Spy Agencies Target Links to Google Mobile App Stores, Reports Claim

NSA spying
May 22, 2015
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The U.S. National Security Agency (NSA) and some of its peer agencies from closely allied countries targeted data links to Google’s mobile application stores as a way to plant spyware on people’s smartphones, CBC Canada reported this week.

A top-secret document obtained from former NSA contractor Edward Snowden shows that the NSA and its counterparts in Canada, the United Kingdom, New Zealand and Australia established a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team to work on ways to plant spyware on targeted mobile devices, CBC said.

The team held workshops in Australia and Canada between November 2011 and Feb 2012 when they discussed ways to exploit smartphone technologies for surveillance purposes, said The Intercept, which helped CBC analyze the document.

One pilot project that was tested under the joint effort was dubbed “Irritant Horn.” It involved a method to intercept and hijack connections between a targeted user’s smartphone to Google’s mobile application store. The goal was to try and insert data-stealing malware on the smartphone if the user attempted to download an application from the app store, The Intercept said. Samsung’s application store was also similarly targeted, The Intercept and CBC reported.

Previous Snowden documents have already revealed that the NSA and its counterparts targeted leaky mobile applications to harvest a wide range of data on smartphone users from around the world. It is already known that the agencies grabbed emails as well as call records, browsing histories, videos and photos from targeted mobile devices using spyware. But until now, it has not been clear how exactly the agencies were able to collect the data, The Intercept said.

The Network Tradecraft Advancement Team used tools like the NSA’s previously disclosed XKeyscore spying tool to identify smartphone traffic and then track down connections to servers used by Google and Samsung to host their application stores and software update services.

The unit then attempted to use man-in-the-middle attacks to insert themselves into the data stream between a targeted user’s smartphone and the app store and inject spyware on the individual’s device. In addition to tampering with the data packets flowing between the app store and users’ devices, the spy agencies also attempted to send what they described as “selective misinformation” to targeted devices to confuse them and spread propaganda, the papers said.

As part of their effort to grab data from smartphones, the agencies also appear to have discovered and quietly exploited a vulnerability in the UC browser, a mobile browser that is popular in China and India but somewhat less so in North America.

The document obtained by The Intercept and CBC showed that the agencies discovered the browser was highly insecure and leaking all kinds of information on smartphone users. It was a fact that they apparently quietly used to their advantage without informing the browser maker of the broad privacy and security threat to the browser’s hundreds of millions of users worldwide, The Intercept and CBC said.

It is not immediately clear from either report whether the spy agencies were merely planning or actually succeeded in compromising data links to Google’s application stores and launching man-in-the-middle attacks against targeted adversaries. The focus of the data collection activities appears to have been smartphone users in Africa, particularly Senegal, the Congo and Sudan. But a Google application store server located in France was also targeted, and so, too, were application servers in the Netherlands, Switzerland, the Bahamas, Russia, Cuba and Morocco belonging to other mobile app vendors.

Google did not respond by press time to a request for comment.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.