Android wallpaper apps have been acquiring personal information like subscriber identifiers and voicemail numbers.
Wednesday during the Black Hat security conference held in Las Vegas, mobile security firm Lookout--which provides free anti-virus software for the Android, BlackBerry and Windows Mobile platforms--said that a batch of wallpaper applications found on the Android Market were collecting unnecessary user data.
One of the apps in question was created by Jackeey Wallpaper and included familiar, seemingly harmless images based on Star Wars, My Little Pony and more. According to Lookout, the app was downloaded somewhere between 1.1 million to 4.6 million times--the number varies because Android Market apparently doesn't offer precise data. The app didn't throw up any red flags initially because it only asked permission for "phone info."
However it was discovered that the app collected information such as the device’s phone number, subscriber identifier, and the currently entered voicemail number on the phone. It was also reported that the apps passed the information on to a website owned by someone in Shenzhen, China.
"While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior," Lookout said in a blog. "There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent."
Lookout also said there was another developer known as iceskysl@1sters! collecting identical information with other wallpaper apps. Lookout believes that the two could possibly be connected, as both developers share the same common code inside a class named "SyncDeviceInfoService."
The suspicious wallpaper apps were discovered as part of Lookout's App Genome Project. As of this writing, a quick search for "Jackeey Wallpaper" on the Android Market provided zero results--apparently the developer name has been changed to "callmejack."
"We’ve been working with Google to investigate these apps and they’re on top of it," Lookout said. Google has supposedly suspended the apps until further investigation.
tbh this is getting out of hand standardization should be made and only controlled data should be allowable to any app IMO
so some joe cant just create some cheap useless app that some how the masses fall for and then gather all kinds of private data
Keep living in your bubble, most people I know enjoy freedom and with that freedom comes a certain level of responsibility. Sure there will be the few malicious people who intend to do harm, its the price we pay for freedom. You should seriously consider moving .
I don't think anyone cares that apps are verified. I do believe people care that they are "censored".
I wish I were a genius like you as the Iphone has "never" had a virus.
/sarcasm
Because there haven't been any iphone SMS or Safari exploits resulting in stolen data...
Same thing back when the Aurora attack happened. Some blog said “Chinese fingerprint” and everyone jumped on it. Turned out the 4-bit nibble CRC code came from 25 year old Novell programming guide.
And there’s no effort to undo the damage that’s done. We basically can say anything about “Red Commie China” with impunity.
Lets try to be civil and argue points without resorting to abuse please?