It’s been two to three years since Google has been unknowingly hosting multiple apps from malicious actors who sell personal data of people such as Pakistani citizen’s national ID card numbers, their addresses, their family details, and other personal identifications that only the government Pakistan (Nadra) The National Database & Registration Authority knew. I came across a Google ad for one of these apps today, which was offered in Urdu and claimed to provide personal details of anyone by simply entering their phone number. This includes the person’s national ID card number, address, and other confidential information that should not be in the public domain. I have reported the AD to Google Team and shared the concern with the Policy team about the apps as well.
EMEA Tribune has reached out to Google and NADRA for their response on this issue, and we will update you as soon as we hear from them.
The AD was claiming to Get personal details of anyone through one click by entering the phone number and get the complete bio-data of any person such as identification numbers (National ID Card Number), his complete addresses, his picture, how many SIM he has and which network and which number, where does the person live, and other confidential information which should not be in public at any cost. The data can only be obtained by the National Database & Registration Authority (NADRA) in Pakistan and can not be sold or shared or available to the public. The Pakistani citizen’s data which was controlled by the Government Authority was hacked a few years back, and since then the bad actors are misusing the data which was sold by them through dark markets.
The AD was redirecting to the Google Play app that has 100k downloaded since March 2022 without Google even knowing what the app is all about. This is very dangerous and illegal and the data was sold by them on dark markets as well. This is the crime that the app developer is committing without knowing the authority and Google itself. Selling personal data of people is an illegal and criminal offense with no bail under the PECA act 2016 Cyber Crime ACT Government of Pakistan. The National Database & Registration Authority (NADRA) is the only source of this information and they are not aware of this Google Play store app. This could include extremely sensitive information, such as ID numbers and or bank account details. Naturally, this raised a lot of concerns among the public, who were worried about their privacy and safety. This is a worrying trend and Google needs to be addressed quickly. The government needs to put in place better security measures to protect citizens’ data.
The Google Ads showing to the users in Pakistan and the Apps hosted on the Play Store are violating Google’s policy and thus they need to be removed to protect the citizens and the people. Google should suspend all the apps that are selling personal and private data of people through the dark market. Google should assign more people (that know the Urdu language) to the advertisement department so they can review the Ads first before they get live. The people of Pakistan should be made aware of the dangers of these Apps and how their personal and private data is being sold without their consent.