App stores such as the iTunes App Store, Google Play, BlackBerry World, and the Windows Phone Store are meant to be safe havens for apps and its users where thanks to the review efforts, apps that are published in these stores follow a certain guideline and are generally malware-free, versus apps found on third-party stores.
However recent reports from CBC and The Intercept have revealed that spy agencies from the “Five Eyes” countries (which includes the USA, UK, Canada, Australia, and New Zealand) have reportedly been working together, and one of the methods they planned to use to gather intel was to install spyware through app stores such as Google Play.
The reports are based on the leaked Snowden documents which reveals slides in which Google Play was referenced (it was known as Android Market back then). It also detailed how they planned on using Samsung’s app store to perform similar operations, although to date it is unclear as to how far along their plans are, or if it was even implemented to begin with.
The report goes on to detail how these spy agencies also managed to exploit a security hole in the UC Browser developed by a China-based company. The browser, which is popular in China and its surrounding markets, was used by these agencies to obtain information such as IMSI, MSISDN, IMEI, and other information that could identify users.
Unsurprisingly these agencies did not bother warning the developers of the leak, and it was only until an activist group brought it to their attention that a fix for the leak was released. When asked to comment, some agencies refused to comment, while others basically stated that everything they did was within a legal framework and was done out of national security.