Naked Security

News in brief: Google pulls 500 apps from Play; lottery boss sentenced; drone owners told to update

Your daily round-up of some of the other stories in the news

Google pulls 500 apps from Play Store

Less than 24 hours after the launch of Android Oreo, Google has had to pull some 500 apps from its Play Store, which together had been downloaded more than 100m times.

The apps, which ranged from games targeted at teens – one of which had more than 50m downloads – to weather apps, internet radio apps, photo editing apps and travel apps, all used a software development kit (SDK) called Igexin. In a blog post, researchers from Lookout said that the Igexin SDK could have introduced the ability to spy on victims “through otherwise benign apps by downloading malicious plugins”.

Advertising SDKs make it easy for app developers to tap into advertising networks and deliver ads to their users.

Lookout said that the apps themselves aren’t malicious and “it is likely that many app developers were not aware of the personal information that could be exfiltrated from their customers’ devices as a result of embedding Igexin’s ad SDK” and stressed that “not all versions of the Igexin ad SDK deliver malicious functionality”.

Google told Ars Technica that it had “taken action on these apps in Play, and automatically secured previously downloaded versions of them as well”.

Lottery boss sentenced over $14.3m scam

Remember Eddie Tipton, the lottery sysadmin who scammed $14.3m from the Multi-State Lottery Association (MUSL) back in 2010? He’s been sentenced to up to 25 years in prison in Iowa for rigging drawing jackpots in Iowa, Wisconsin and two other states.

Tipton, 54, was head of security for the MUSL. With his co-conspirators, who included his brother, Tommy, he installed a rootkit to create numbers that he could predict. As an employee, he was banned from buying lottery tickets, but was caught when he was identified on CCTV footage from a gas station where he had bought his winning ticket.

Tipton still faces further sentencing in Wisconsin next month. The sentencing judge in Polk County, Brad McCall, told him: “It is indeed unfortunate that you did not use that intelligence to prosper by legal means. Instead you chose an illegal path.”

DJI Spark owners told to update or see their craft grounded

If you’re the owner of a DJI Spark drone, be warned: unless you apply a mandatory firmware update by September 1, your aircraft will be grounded.

In a blogpost, DJI said it had decided on the mandatory update “in order to maximise flight safety and product reliability which we consider as top priorities”.

However, drone enthusiasts were not happy with the manufacturer’s “ability to brick other people’s property if required”, said Gary Mortimer writing for SUAS News. “The ‘Kill Switch’ option is already causing consternation in user groups”, he added.

There has been concern about the safety of consumer drones, with reports of them getting uncomfortably close to commercial aircraft and, most recently, of a drone landing on the deck of a new Royal Navy warship. And just last week DJI said it was stepping up security after the US Army banned its troops from using DJI drones, citing security concerns.

Catch up with all of today’s stories on Naked Security


2 Comments

It’s great that Google notified those that downloaded those apps so they can remove them.
Imagine if food companies did the same. Yeah that pork was bad, so we took it off the shelf, but why bother to tell people that already bought it – they’d toss it or want their money back or something……


Hmm, I had in brackets “End Sarcasm” after the Google comment, must have been auto removed as suspect scripting
