The Google Play Store malware implant and surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from the former NSA contractor whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept.
The document which is available here, gives a break down of the plans of NSA and its Five Eyes collaborators during workshops held in Australia and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google.
According the leaked documents state that NSA started a pilot project code named IRRITANT HORN. Under this plan, the NSA and its collaborators were working on methods to hack and hijack the Google Play Store and Samsung App Store so that they could implant spying malware on the Apps downloaded by Android users all over the world.
Once the apps on the stores were implanted, the users would download such Apps and ultimately the malware would reside in their Android smartphones without their notice, allowing NSA and its collaborators a steady source of surveillance without creating backdoors.
Smartphone spying by NSA is not new. Previous disclosures from the Snowden files have already revealed how the spy agencies designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them.
However it was not known then about the methods used by the agencies to get the spyware onto the users smartphones. With these documents it becomes clear that NSA was planning to use Google Play Store and Samsung App Store as a vector to spread spying malware.
Google has declined to comment for this latest development while Samsung said it would not be commenting “at this time.”