The Handcent Next SMS app was flagged by Play Protect and taken down from the Play Store on March 26 due to embedding a malicious 3rd-party library and returned on March 30 with an updated, clean version.
Timeline
On March 26, according to https://android.stackexchange.com/users/371073/user223149 in https://android.stackexchange.com/q/246037/44325 ,
Got this answer from support:
Our app Handcent Next SMS has been misidentified as malware by Google, we are in talks with Google to get our app back to play store. [...]
Around 1 hour later, this was confirmed on the official website ( https://www.handcent.com/ ), Twitter ( https://twitter.com/Handcent/status/1507549097288380416 ), and Facebook ( https://www.facebook.com/handcent/posts/2198804186934782 ),
Our app Handcent Next SMS has been misidentified as malware by Google, we are in talks with Google to get our app back to play store. [...]
A Reddit commenter ( https://www.reddit.com/r/androidapps/comments/to1ss4/comment/i26xjel/?utm_source=reddit&utm_medium=web2x&context=3 ) sent an email to Handcent support and got a reply,
I got a reply this morning with an explanation and an attachment with v9.9.9.
*Security patch to fix a potential threat
*Other fixes to make sure it's in a good safe state
I installed it, and so far, so good.
[...]
Meanwhile, on March 28, Handcent posted an update to the same channels.
https://www.handcent.com/
We have resolved the issue, together with Google. The app will return to the play store soon. [...]
https://twitter.com/Handcent/status/1508282177926021126
We have resolved the issue, together with Google. It usually takes one day or two. [...]. It’s safer and good to go now.
https://www.facebook.com/handcent/posts/2200406613441206
We have resolved the issue, together with Google. The app will return to the play store soon. It usually takes one day or two. [...]. It’s safer and good to go now.
On March 30, the app was back on the Play Store with v9.9.9.1.
The website ( https://www.handcent.com/ ) also mentions,
We are pleased to announce that Handcent Next SMS is back to the Google Play. [...]
Handcent also followed up on their social media on March 31.
https://twitter.com/Handcent/status/1509374817752952832
Next SMS is now back on the play store, you could go to the play store and install it. [...]
https://www.facebook.com/handcent/posts/2202641403217727
Next SMS is now back on the play store, you could go to the play store and install it. [...]
Those who sent an email might also receive a follow-up reply mentioning the app version on the Play Store,
Next SMS is now back on the play store, you could go to the play store and install it 9.9.9.1. [...]
Cause
I decided to send an email to Handcent Support and received the v9.9.9 APK file, then also downloaded the APK for v9.9.9.1 after it was published on the Play Store. After decompiling and comparing the content with v9.9.8.6 and v9.9.8.5, one noticeable thing is the removal of coelib.c.couluslibrary since v9.9.9 (including v9.9.9.1 from the Play Store).
AppCensus published a blog article written by Joel Reardon on April 6, titled "The Curious Case of Coulus Coelib" ( https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/ ). It explained in detail what this library is and how it worked. Quoting a relevant part about this specific incident,
Disclosure
The following table are the apps that we confirmed communicating with mobile.measurelib.com. We reported this issue to Google on October 20th, 2021 along with this list of apps. They investigated it and removed these and other apps containing the SDK from the Play Store. [...]
| App Name | Privacy Policy | Installations | phone | email | IMEI | GPS | router SSID | router MAC |
|---|---|---|---|---|---|---|---|---|
| [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] |
| https://play.google.com/store/apps/details?id=com.handcent.app.nextsms | https://web.archive.org/web/20220118151158/https://www.handcent.com/static/%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20ApplicationPrivacyStatement.html | 1 million+ | no | yes | yes | no | yes | yes |
| [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] | [...] |
(Emphasis added)
An article from Android Police published on April 7 ( https://www.androidpolice.com/google-play-store-boots-data-harvesting-software-intelligence/ ) also stated,
Still, there is some hope for those who have lost income streams from Google's ban. The company may allow some apps to return — as long as they delete the Measurement Systems code. The first few are in fact already back.
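
The version comparison described under Cause can be scripted. This is an added example, not part of the original answer: it assumes each APK was decompiled with apktool (one `smali*/` directory per `classes*.dex`), and the directory contents, the `com.example.app` package and the `alpha`/`beta` subpackages are constructed sample data.

```python
import tempfile
from pathlib import Path

def packages(decompiled_root):
    """Return {package: class_count} for an apktool-style tree.

    Multidex apps produce smali/, smali_classes2/, ... so every smali*
    root is scanned; checking only smali/ can miss an embedded SDK.
    """
    counts = {}
    for dex_root in sorted(Path(decompiled_root).glob("smali*")):
        for path in dex_root.rglob("*.smali"):
            pkg = ".".join(path.relative_to(dex_root).parent.parts)
            counts[pkg] = counts.get(pkg, 0) + 1
    return counts

def removed_roots(old, new, depth=3):
    """Group packages present in `old` but absent from `new` by their
    first `depth` name segments, with the number of classes removed."""
    gone = {}
    for pkg, n in old.items():
        if pkg not in new:
            root = ".".join(pkg.split(".")[:depth])
            gone[root] = gone.get(root, 0) + n
    return gone

def _make_tree(root, classes):
    # Constructed stand-in for apktool output, so the example runs offline.
    for rel in classes:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(".class public L%s;\n" % rel.split("/", 1)[1][:-6])

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "old"), Path(tmp, "new")
        _make_tree(old, [
            "smali/com/example/app/Main.smali",
            "smali_classes2/coelib/c/couluslibrary/alpha/A.smali",
            "smali_classes2/coelib/c/couluslibrary/beta/B.smali",
        ])
        _make_tree(new, ["smali/com/example/app/Main.smali"])
        return removed_roots(packages(old), packages(new))

if __name__ == "__main__":
    for root, n in sorted(demo().items()):
        print(f"removed: {root} ({n} classes)")
```

On real input, pass the two apktool output directories to `packages()` in place of the constructed trees.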