{
	"id": "f91d77cb-711d-4535-8e4f-e8ee724b752c",
	"created_at": "2026-04-06T00:08:52.671185Z",
	"updated_at": "2026-04-10T03:30:33.535229Z",
	"deleted_at": null,
	"sha1_hash": "999ee7dfc0d5ea520ac0637ff160909270922a01",
	"title": "SmeshApp Removed from Play Store Because Pakistan Used It to Spy on Indian Army",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36516,
	"plain_text": "SmeshApp Removed from Play Store Because Pakistan Used It to\r\nSpy on Indian Army\r\nBy Catalin Cimpanu\r\nPublished: 2016-03-19 · Archived: 2026-04-05 18:09:25 UTC\r\nIndian TV station CNN-IBN has discovered that Pakistani officials were collecting data about Indian troop\r\nmovements using an Android app called SmeshApp.\r\nAccording to the TV station's investigation, which received a tip from an inside source, Pakistan army's Inter\r\nService Intelligence (ISI) agency was behind an Android app available through Google's Play store, named\r\nSmeshApp (Google Cache link). It was actually a simplistic IM application that never had more than 1,000\r\ninstallations.\r\nThrough honeytraps and a spam campaign on social media, the app became popular among Indian army troops.\r\nReporters are saying that the app collected information on its users, such as geolocation data, photos, emails,\r\nmessages, and call history, and sent it to a server in Germany, which was rented by a man living in Karachi,\r\nPakistan.\r\nIndian officials started to suspect that something was wrong when the app began to spam other army personnel by\r\ntaking address books from devices it was installed on and sending spam to all the contacts.\r\nIndian officials are fearing that Pakistan's intelligence agency or Pakistani terror groups could use the information\r\namassed through this app to plot attacks against India by exploiting holes in border defenses to sneak through\r\nother terror groups in the country.\r\nIndian army had warned personnel to avoid SmeshApp in February\r\nAfter the terrorist attack on the Indian Air Force (IAF) Pathankot base that took place in January 2016, India\r\nstarted moving a large number of troops towards its borders, after it was discovered that the terrorists were from\r\nPakistan and heavily communicated with somebody located in Pakistan before the attack.\r\nBack in February 2016, Indian army officials issued a warning against the usage of three apps, WeChat,\r\nSmeshApp, and Line, fearing that these apps collected too much information if installed on smartphones used by\r\nIndian army personnel.\r\nFollowing the CNN-IBN investigation, Google intervened on Tuesday, March 15, and removed SmeshApp from\r\nits official Play Store.\r\nOf course, if Pakistan's ISI or anyone else wants to collect data on Indian officials, the app could be rebranded and\r\nuploaded to Google's store at any time, under a different name. The only way for Indian army personnel to stay\r\nhttps://news.softpedia.com/news/smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml\r\nPage 1 of 2\n\nsafe is to avoid installing unknown apps and only stick to the big guns, such as Facebook Messenger, WhatsApp,\r\nSignal, Telegram, and the rest.\r\nSource: https://news.softpedia.com/news/smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml\r\nhttps://news.softpedia.com/news/smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://news.softpedia.com/news/smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml"
	],
	"report_names": [
		"smeshapp-removed-from-play-store-because-pakistan-used-it-to-spy-on-indian-army-501936.shtml"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434132,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/999ee7dfc0d5ea520ac0637ff160909270922a01.pdf",
		"text": "https://archive.orkl.eu/999ee7dfc0d5ea520ac0637ff160909270922a01.txt",
		"img": "https://archive.orkl.eu/999ee7dfc0d5ea520ac0637ff160909270922a01.jpg"
	}
}