The NSA allegedly hijacked data links to the Google and Samsung app stores in an attempt to infect people’s smartphones with spyware, according to files leaked by the whistleblower Edward Snowden.
Spies from the "Five Eyes" alliance, which includes the US, UK, Canada, New Zealand and Australia, are believed to have identified smartphones’ traffic through their Internet spying systems, and tracked mobile connections to the app marketplaces.
Once these connections were hijacked spies from the international Network Tradecraft Advancement Team would exploit them to send "implants" to particular devices, according to the news site The Intercept which released the documents.
After infection, smartphones then silently sending data back to the agencies, with information collected by the NSA include emails, texts, web history, videos and photos.
Such hacking is known as a man-in-the-middle (MitM) attack, in which hackers place themselves between two computers, typically a client and a server.
Google and Samsung declined to comment on the story.
As well as snooping on phones, the spy agencies were also targeting the app stores themselves in a bid to collect similar data about phone users, particular after the Arab Spring led to fears of greater unrest in the Middle East.
The findings add to a significant public knowledge about the extent of NSA snooping in programmes revealed by Snowden, and also coincide with considerable debate over the limits on spying authorised by the US Patriot Act, some clauses of which are up for renewal in Congress.