Pakistan is at it again. A coordinated network of mobile applications and developers from Pakistan has been targeting enthusiasts of the Indian Armed Forces and police as well as BJP supporters, an India Today investigation has revealed

According to Google Play Store data, these developers claim to operate from the UK and Australia but the India Today probe reveals that the network is deeply linked to Pakistan and functions out of Islamabad.

The revelation comes at a time when the issue of data security of mobile applications run by hostile countries is on top of the government’s list. The network consists of several applications and android apps, some of them have become defunct while others still remain active on Play Store. These developers have also created applications linked with Pakistan Prime Minister Imran Khan and Pakistan army.

Targeting Indian Armed Forces And Law Enforcement

An android application available on Play Store named 'Indian Army PhotoSuit Editor 2020-Army Suit Editor' promises to give its users a customised look of the Indian Army, Navy and Air Force uniform. The description of the app reads: “Here you can see how you look in these clothes if you purchase these suits from the market. So you can easily get an idea related to those wear clothes or army dress”.

The app has been downloaded more than 10,000 times from Play Store and has the access to a user’s camera, storage and network. The app also offers "Abhinandan Style” handlebar moustache look to its users.


The app’s top positive reviews come from dubious accounts created with pictures and names of film stars such as Nicole Kidman and Winona Ryder.


Its developer SnowBerry has another app under its portfolio named 'Police Suit Photo Editor - Man Police Photo Suit' which prominently flaunts the khaki uniform donned by police personnel in India.


The app has access to the user’s network, camera, phone and USB storage. Additionally, SnowBerry has created several other apps such as 'Talking PM Imran Khan PTI Kaptaan Talking', 'Funny Urdu WAStickers 2020 - Urdu Stickers Free', 'Muslim Globe - Prayer times, Quran, Azan & Qibla', and 'Urdu Poster Master 2020 - Urdu Poster Maker'. These apps are available on Google’s Play Store platform.


Developer’s Shady Network

According to Google Play Store data, the app developer SnowBerry claims to have its address in Birmingham, UK, but did not provide its full address. The webpage carrying its privacy policy is essentially a one-page blog.

India Today tracked two email addresses mentioned on the privacy policy page of SnowBerry and a blog page, described as a webpage of SnowBerry on its Google Play Store profile. This led us to at least four other identities linked to SnowBerry. These developers and their apps mostly mimic the identity of other popular developers, apps and games, to hide in plain sight.

We were able to link FioreAppsInc, RedBeriApps, Uabrave and InstaBerry together with common email addresses and homepages. Of these, FioreAppsInc seemed defunct; however, we found evidence that it had created apps in the past which were later removed from Google Play Store.


Several apps created by RedBeriApps and Uabrave are still available on the android platform. Uabrave claims to operate from Brisbane, Australia, and offers many android applications, including one which allows users to create their customised BJP posters with PM Narendra Modi’s pictures and BJP symbol.


The Pakistan Connection

In order to promote one of its VPN apps, SnowBerry uploaded a YouTube video of the app.


India Today investigation found that the YouTube account which uploaded the video used a fake identity of English cricketer Anya Shrubsole.


This YouTube account has provided its location in Pakistan. Additionally, our investigation followed the email addresses provided in these developers’ privacy policies which led us to InstaBerry Technologies, a technology firm in Pakistan.


The InstaBerry admin posted a blogspot page on Play Store which matches with a Facebook page of InstaBerry Technologies.

We matched the Facebook page transparency data with its bio, according to which the Facebook page had three admins, all of them were from Pakistan. We also found a phone number on the Facebook page with a Pakistan country code. The number mentioned on the page is an Islamabad landline number.


Suspected Malicious App Network

India Today worked with Delhi-based cyber security firm Voyager Infosec for further analysis of this network and found evidence of suspicious behaviour.

Jiten Jain, director of Voyager Infosec who reverse engineered the apps to unravel their malware-like behaviour, said, “During the reverse engineering process, we break open the entire application and in a manner recreate a decompiled source code. We have looked into how and when the permissions granted to these apps are being utilised and which servers are being used."

It was also observed that data in these apps are being sent to servers which earlier have been blacklisted by various independent operators. Asked to assess the extent of the threat, Jain explained, “These are snooping apps, it is not about smaller or bigger threat; once they get permissions from your device, they are designed to steal all kinds of data. The threat entirely depends on the intent of the actor controlling the network."

Jain called for an immediate regulatory intervention and said “if there are apps which have any connection to the Indian Armed Forces, they should be reviewed and forced to take permission from relevant authorities”.