Measurement Systems wrote code that was incorporated into predominantly Android apps that ran on millions of devices, the report said. The hidden software was discovered in several Muslim prayer apps, a highway-speed-trap detection app, a QR-code reading app, and others.
Google removed apps that contained Measurement Systems software from the Google Play Store on March 25 but they can be relisted after the harmful software is removed, according to the report.
The internet domain of Measurement Systems was registered in 2013 by the Virginia-based company named Vostrom that is a contractor for the US government through a subsidiary, Packet Forensics LLC, the report said.
The Panamanian company refutes all allegations that it has collected users’ data by means of inserting its software into a host of applications and refused to answer questions about why their domain was registered by Vostrom, according to the report.
The newspaper also found that Measurement Systems paid between $100 and $10,000 per month to those developers who agreed to include its software code in their mobile apps and promised that the code collects "non-personal information about app users."