The Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, has developed tools to spy on the private messages and contacts of targeted devices, the report said.
Google said: “These vendors help spread dangerous hacking tools and arm governments that would not be able to develop these capabilities internally.”
RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes.
“RCS Lab personnel are not exposed and are not involved in any activities of the relevant customers,” she told Reuters in an email, adding that she condemned any misuse of its products.
Google said it took steps to protect users of its Android operating system and alerted them about spyware.
The global industry that manufactures spyware for governments is growing, with more and more companies developing interception tools for law enforcement organizations. Anti-surveillance activists accuse them of aiding governments, which in some cases use such tools to suppress human and civil rights.
The industry came under the spotlight globally when it emerged in recent years that NSO’s Pegasus spyware has been used by several governments to spy on journalists, activists and dissidents.
Although the RCS Lab tool may not be as stealthy as Pegasus, it can still read messages and display passwords, said Bill Marczak, a security researcher at Citizen Lab.
“It shows that although these devices are ubiquitous, there is still a long way to go to secure them against these powerful attacks,” he added.
RCS Lab describes itself on its website as a maker of “lawful intercept” technologies and services including voice, data collection, and “tracking systems”. It says it deals with 10,000 intercepted targets per day in Europe alone.
Google researchers found that RCS Lab previously collaborated with the controversial Italian spying company, Hacking Team, which similarly created surveillance software for foreign governments to take advantage of phones and computers.
The hacking team went bankrupt after becoming the victim of a major hack in 2015 that exposed several internal documents.
Billy Leonard, a senior researcher at Google, said that in some cases, Google said it believed hackers using RCS spyware worked with the target ISP, suggesting they had ties to government-backed actors.
“Hipster-friendly explorer. Award-winning coffee fanatic. Analyst. Problem solver. Troublemaker.”