The US National Security Agency and its international allies, including Britain's GCHQ, plotted to infect Android smartphones by hijacking their connection to the Google Play store and secretly harvest information about phone users in France and North Africa.
New documents released by former NSA contractor and whistleblower Edward Snowden reveal the government agency's plan, codenamed Irritant Horn, was discussed by intelligence alliance the so-called Five Eyes countries (the US, UK, Canada, New Zealand and Australia) between November 2011 and February 2012.
Published by The Intercept, the documents reveal plans for a system which targets the smartphone app stores of both Samsung and Google. The NSA pinpointed the Google Play servers in France, used to send software updates to Android handsets in northern Africa.
Once located, the agency planned to intercept traffic before it reached Google's servers and inject malware into the phones of targets accessing the Play Store, known as a man-in-the-middle attack.
Having gained access to the target's phone, the NSA could then call on a number of its surveillance and hacking programmes to read their contacts list and call logs, or monitor their location in almost real-time, while the target had no idea they were being spied on. And despite both Samsung and Google encrypting the connections between their servers and users' phones, the NSA was able to break through this undetected.
Through documents previously leaked by Snowden, it was known that the NSA had developed spyware for iPhone and Android handsets which could steal emails, text messages, web history, call logs, videos, photos and other files stored on the device; but until now it was unclear how this software was installed onto targets' phones.
Concerns over 'another Arab Spring'
The Intercept, edited by Glenn Greenwald, the journalist who worked with Snowden to start releasing his NSA documents to the public in 2013, claims: "The agencies wanted to gain access to companies' app store servers so they could secretly use then for 'harvesting' information about phone users."
The publication claims the NSA's motivation behind Irritant Horn was concern over "another Arab Spring." Having been caught out the first time around, government spy agencies wanted to be prepared to launch surveillance operations if more unrest broke out.
The NSA also had its eye on China and India, discovering privacy vulnerabilities in UC Browser, a mobile web browser popular in those countries and with a reported half a billion users; it is owned by Chinese web giant Alibaba.
The documents reveal the agency found UC Browser was leaking identifying information about its users' phones. Spies described the discovery as an "opportunity where potentially none may have existed before."
Alibaba Group said in a statement to CBC News, who broke the news alongside The Intercept, that it had found "no evidence that any user information has been taken," although the website speculates that it is unlikely the NSA's spying on leaking data would have been detectable.