Google finally removes app that revealed the personal details of Palestinians

It took media attention for Google to remove the app.



Google is not shy about kicking apps out of its Play Store, sometimes for no good reason and with no useful explanation. But an app apparently exposing the entire Palestinian population register raised no internal alarm bells – not until a tech website contacted the tech giant.

Users leaving reviews on Play Store, raising the issue of serious privacy violations, didn't help Google identify the problem on its own, either, and act any sooner.

Vice's Motherboard writes that it first got wind of the offending app on October 10, thanks to Israeli security researcher Noam Rotem. Applying a rule normally reserved for critical software bugs, the website decided not to name the app – dubbed “Palestinian Civil Registry” – or link to it in its reporting, for fear that spreading information about it would increase the likelihood of abuse.

Instead, Motherboard contacted Google, no doubt in the hope the app would be swiftly reviewed and removed. This finally happened on Thursday, October 31, when the app was gone from the Play Store.

Before this happened, the Palestinian Civil Registry allowed anyone who had it installed on their phone to search through a database containing personal information of just about every Palestinian.

Addressing the incident on Twitter, a French security researcher details exactly what this means: you could search for “name, father's name, mother's name, family, grandfather's name, home number, area code, date of birth, ID number.”

The backend – said the researcher who goes by the name of Elliot Anderson – is hosted in Gabon.

About that backend server: although the app is gone from the Play Store, this highly sensitive data – all the more sensitive because it concerns private information about people in a conflict zone – remains exposed, Motherboard's Joseph Cox said on Twitter.

According to Motherboard, Rotem showcased this, writing, “Their API is garbage, you can download (data of) all citizens” – and the website claims that it has been able to verify that “scraping en masse” can still be done from the server.

However, we don't learn from the report who was behind the app – although we get multiple references, and even quotes, from the developer(s). We're also none the wiser as to how they obtained this data in the first place. Some of those Motherboard spoke to speculate that the database might have been hacked.



Didi Rankovic

Didi Rankovich is an experienced online journalist, editor, and translator, with a career spanning over ten years writing for a major English-language website in Serbia, and previously working as a translator for international organizations and peacekeepers in the Balkans. Rankovich is passionate about free and open source tech and is a head contributor for Reclaim The Net, focusing on lead stories.