NSA and partners wanted to ride smartphone connections to Google Play for surveillance
As part of a pilot project codenamed IRRITANT HORN, NSA and an electronic eavesdropping unit called the Network Tradecraft Advancement Team were working on a method that used the XKEYSCORE spying system to identify smartphone traffic and allow the sending of malicious data "implants" to targeted devices. A typical "man-in-the-middle" attack is described, with hackers placing themselves between the smartphone and server and observing, or modifying the data they communicate.
In the NSA and NTAT's case, the method would have let surveillance operatives covertly insert malicious code inside data packets exchanged between a smartphone and an app server while an app is being downloaded or updated. Moreover, the agencies were investigating the possibility of hijacking connections to send "selective misinformation to targets' handsets". They also demanded access to Samsung and Google's app store servers, so they could secretly use them for harvesting information about particular phone users.
The project was conceived sometime after the unrest in Tunisia in December 2010, in an effort to prepare surveillance operations as the rebellion spread outside the country and into the Middle East and North Africa. The agencies were targeting the African region, but eventually pinpointed app store servers in France, Switzerland, Bahamas, the Netherlands and Russia. Although mobile surveillance makes sense in the event of huge public gatherings (e.g. riots and rallies), where a big mass of people with mobile devices is assembled, the app store-reliant method of surveillance is certainly questionable.
Neither the NSA, nor any of the Five Eyes agencies would answer questions related to the activities, although some of them acknowledged the operations as part of their foreign intelligence duties.
source: CBC News via The Intercept