Google Removes Pakistani App Suspected To Have Spied On Indian Army Officers

Google has removed the android app SmeshApp from the Google play store after CNN-IBN published a report on how Pakistani spy agencies used it to snoop on Indian Army.

It is reported that the app was used to get tactical as well as personal information of the army personnel. Almost 200 top officers were targeted through the spyware. The report said that fake facebook profiles were used to honeytrap the officers. First officers were sent the friend request through the fake profiles and then they chatted with them. Then they were prompted to download the SmeshApp.

The app was a spyware in the disguise of a calling and chat app. Once installed on the phone it collected data from the phone and sent it to the server situated in Germany. The service was hosted by a man based out Karachi named Sajid Rana. The information was tracked down by IBN using the Whois service which gives out information of the server based on the URL.

The archived images taken from Google play store suggests that the website mentioned in the privacy policy is also hosted by the same person. The website is not accessible at the moment. Apart from displaying the number of call and SMS made the app could even access the content on the phone. Security experts even believe that the location details and photographs might have been compromised.


India's communication minister Ravi Shankar Prasad told in an interview, "I will get my officers to check how the spying was done through the app and what were the gaps in the security measures. We will take a follow-up action once we get the details". He added that "Tech companies like Google have to be alive to India's security concerns".

It is interesting that Google earlier used to scan apps through an automated program but recently the play store started manually reviewing apps last year to avoid low quality or spyware apps. And screenshots suggest that SmeshApp was released somewhere around last year.

The history is Pakistani hackers attacking Indian websites or services is not new. Back in 2010 CBI website was attacked, in 2015 Kerala government website, In 2014 Indian Revenue services website were hacked. Last year 'Pakistani Cyber Army' even took down 22 goverment portals in a hack. In the most recent attack they defaced the AIIMS Raipur website.

Government is issuing new advisories of the use of the social media to the Army. They have forbidden the use of chat apps such as WeChat and Lime. Apart from that they have told the officers not to reveal designation or posting location on the social media, not to put profile pictures with uniform or any military background and not to accept friend requests from unknown people. The growing attacks through the technology suggests that Indian government needs to tighten the security on the cyber front.

Death Of Conversation Caused By Smartphones