The National Security Agency knew about a serious security flaw in the world’s most popular smartphone web browser but didn’t alert the developer because they were using it to hack into any smartphone they wanted. This left almost half a billion people’s data vulnerable to hackers.

On Wednesday, CBC News published top-secret documents obtained by NSA whistleblower Edward Snowden.

The top-secret documents outlined the NSA’s plan for exploiting a security weakness in the UC Browser. Apparently the agency discovered that the UC Browser, which is most popular in China and India, was leaking incredible amounts of personal and identifying information about its users’ phones, and yet they said nothing about it to anyone.

So the NSA knew billions of smartphones were at risk of being hacked but did nothing so they could hack the phones themselves. What the hell, NSA?

But it gets worse. The NSA and its closest allies also wanted to hijack data links to the Google and Samsung app stores to infect smartphones with spyware. Here’s how The Intercept put it:

The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.

These programs are supposed to be stopping terrorists, but it seems less and less likely that they’re helping fight terrorism and more likely that they’re spying on innocent citizens.