Sign in with
Sign up | Sign in

Google Suspends Android Wallpaper Apps

By - Source: Tom's Guide US | B 15 comments

Android wallpaper apps have been acquiring personal information like subscriber identifiers and voicemail numbers.

Wednesday during the Black Hat security conference held in Las Vegas, mobile security firm Lookout--which provides free anti-virus software for the Android, BlackBerry and Windows Mobile platforms--said that a batch of wallpaper applications found on the Android Market were collecting unnecessary user data.

One of the apps in question was created by Jackeey Wallpaper and included familiar, seemingly harmless images based on Star Wars, My Little Pony and more. According to Lookout, the app was downloaded somewhere between 1.1 million to 4.6 million times--the number varies because Android Market apparently doesn't offer precise data. The app didn't throw up any red flags initially because it only asked permission for "phone info."

However it was discovered that the app collected information such as the device’s phone number, subscriber identifier, and the currently entered voicemail number on the phone. It was also reported that the apps passed the information on to a website owned by someone in Shenzhen, China.

"While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior," Lookout said in a blog. "There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent."

Lookout also said there was another developer known as iceskysl@1sters! collecting identical information with other wallpaper apps. Lookout believes that the two could possibly be connected, as both developers share the same common code inside a class named "SyncDeviceInfoService."

The suspicious wallpaper apps were discovered as part of Lookout's App Genome Project. As of this writing, a quick search for "Jackeey Wallpaper" on the Android Market provided zero results--apparently the developer name has been changed to "callmejack."

"We’ve been working with Google to investigate these apps and they’re on top of it," Lookout said. Google has supposedly suspended the apps until further investigation.

Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
  • 3 Hide
    Anonymous , July 30, 2010 1:17 AM
    Mario wallpaper is all I need.
  • 1 Hide
    peterkidd , July 30, 2010 2:26 AM
    I am going to use lookout from now on.
  • 4 Hide
    eddieroolz , July 30, 2010 4:24 AM
    Wonder how many other apps are doing the same. It's unsettling, really.
  • Display all 15 comments.
  • 1 Hide
    Anonymous , July 30, 2010 6:25 AM
    Turns out that Lookout was probably overzealous. The Developer wrote to Android Central and explained why he sent the phone Id and screensize. He was using it to store the users favorites and send the correct size wallpapers.
  • 0 Hide
    drutort , July 30, 2010 7:04 AM
    and this is also good for those who dont use data :p  and only install apps that are useful... still feel sorry for all those who d/l such innocent apps to only be told later they collected more private info then they should be...

    tbh this is getting out of hand standardization should be made and only controlled data should be allowable to any app IMO

    so some joe cant just create some cheap useless app that some how the masses fall for and then gather all kinds of private data
  • 0 Hide
    awood28211 , July 30, 2010 12:16 PM
    I'm very careful and had to instruct my girlfriend to be very careful when downloading apps. If she's downloading solitaire and it says it can make phone calls then it's prolly not something I want put on her phone...since I pay the bill.
  • 0 Hide
    insider3 , July 30, 2010 1:25 PM
    My question is (And I really don't know so help me out)why do most of these apps out there need all that info? I mean, why does a video game need GPS and phone info for example? I can understand layar or google maps for example. But a wallpaper app needs all of this info? What for?
  • 3 Hide
    smashley , July 30, 2010 3:20 PM
    Yeah, as much as I hate apple, there needs to be a reveiw process for apps. With rules such as it's not allowed to collect information that isn't strictly required. I'm no programmer, but I'd say for wallpaper that would be screen dimensions and maybe device model, but nothing more specific than that.
  • 4 Hide
    i7Rocks , July 30, 2010 4:18 PM

    Keep living in your bubble, most people I know enjoy freedom and with that freedom comes a certain level of responsibility. Sure there will be the few malicious people who intend to do harm, its the price we pay for freedom. You should seriously consider moving .
  • 2 Hide
    CptTripps , July 30, 2010 6:30 PM

    I don't think anyone cares that apps are verified. I do believe people care that they are "censored".

    I wish I were a genius like you as the Iphone has "never" had a virus.

  • 2 Hide
    maestintaolius , July 30, 2010 6:32 PM

    Because there haven't been any iphone SMS or Safari exploits resulting in stolen data...
  • 2 Hide
    maestintaolius , July 30, 2010 6:34 PM
    ... oh wait, yes there was.
  • -1 Hide
    Anonymous , August 3, 2010 10:01 PM
    Now someone’s reputation is ruined. Kudos for the abuse of power you media types. Whatever happened to fact check?

    Same thing back when the Aurora attack happened. Some blog said “Chinese fingerprint” and everyone jumped on it. Turned out the 4-bit nibble CRC code came from 25 year old Novell programming guide.

    And there’s no effort to undo the damage that’s done. We basically can say anything about “Red Commie China” with impunity.
  • 0 Hide
    waffle911 , August 4, 2010 9:20 PM
    …the app collected information such as the device’s phone number, subscriber identifier, and the currently entered voicemail number on the phone.
    It seems a few criticizers of the "damage" done by this finding forgot about this part, and how the information got sent to China. That all seems like a bit more than simple "Phone Info" to me.
  • 0 Hide
    Reynod , August 22, 2010 3:38 AM
    Iv'e edited four posts, deleted two, and sent one user on a three day holiday to Mt Doom.

    Lets try to be civil and argue points without resorting to abuse please?

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS