How to Check if Your Android App is Stealing Info

Yeah, if a wallpaper app has permissions to your messages, calls, and sent data, it's probably not a mere wallpaper app.

Simple rule of thumb....

Free wallpapers, ring tones, screen savers, games, it's usually Spyware or worse.

That's why so many people are always asking to have their computers repaired.

You'd think they would be a bit more careful with their phones.

think those people are followers to the apple mentality to security: they target windows machines, so we don't need to worry about security.

There's always a price tag, nothing free.

a wise man once said there is no patch to human stupidity

Sounds like par for the course, my BB is the same way. Every time I install something I get like 5 different prompts saying Soandso requests access to this or that.

This whole sending data to China thing has been debunked - please do some fact checking.

http://www.androidtapp.com/android [...] -data-fud/

Always read the "fine print" under the permissions.

"Services that cost you money" is a big red flag, but this is applies to anything that can enter in a phone number or pre-populate a text message for you. At the same time, your wallpaper app should do neither.

"Storage" is another one. Lots of apps store settings or data on the SD card, but it still shows up in red, so is it really a problem?

Maybe you downloaded a Flickr app, why does that app need access to your Personal Information (contacts)? Maybe the app lets you set a picture as the icon of a contact, it has to read and modify your contacts info to do this.

My point is, its not always clear-cut as to why the app needs the data it requests. I wish google would make it a little clearer (and maybe force the developer to include a little statement as to why they need it). In the end, if you're worried, just don't download the app. Life won't end if you can't download your 23rd fart app.

Well there are patches for them, the only problem is humanity always seems to be able to make a newer, more stupid version of stupidity

... not android app's... spyware!!!

And people wonder why Jobs prefers a "Walled Garden" approach.

That's not really a the point of this. It's like saying 'no wonder some parents wipe everything down with anti-bacterial wipes'. Anything that is too controlled and assumed safe will fail hardest when it's crunch time. Like those poor children's immune systems.

Mario wallpaper app requires internet access. Oh well, I love seeing it WAY to much to care. Compared to others, though, it's not nearly as intruding.

Since the whole story about the wallpaper spyware has been declared as FUD, I'm just going to say Apple Sucks and be done with it.

http://www.androidtapp.com/android [...] -data-fud/

while there are some great wallpaper/ringtone apps that i'll accept network access on due to their ads, Sometimes things like "media manager" or other location and GPS based tools are really trying to steal my information.

I don't care if sending those data is legit or not. I would never allow a wallpaper to send any data. If the developer really needs to improve the content of their product, they should do so explictly and not hiding it from the user.
Most newer applications now would ask you for permission before sending any data. And all developers should follow this standard of practice. Otherwise, I would consider them as non-legit.

The sending data to China HAS NOT been debunked!
You mean to tell me that a wallpaper needs to collect device id,phone number and subscriber id and then you have the audacity to say it's not gathering user data! How is that not user data and why is a wallpaper collecting those things?
Sure thing Chang, keep thinking everyone in the world is stupid. They should ban Chinese software, it seems you can't trust anything coming from that country.

Fact check!!??

@yurismirov the combination of phone number & device id is a great way to remember you across devices and provide personalisation like favorites without an explicit registration.

Also keep in mind that free applications may need internet, location and phone state to provide ads.
Android ads by Apple/Quattrowireless require

# INTERNET
# READ_PHONE_STATE
# ACCESS_COARSE_LOCATION
# ACCESS_FINE_LOCATION

Source: http://wiki.quattrowireless.com/index.php/Android

is it just me or cant you do that on droid/milestone with 2.1?

Lol, it is about time there was a new post on Toms Hardware that was not a negative towards the IPhone. There have been a number of these reports that speaks to rootkits and other things on the Android or Droid platform that is never mentioned. Since when is it ok to have to worry about malware or root kits on a cell phone. That is BS. Android is a great OS for a phone but not everthing on every device should be open. There needs to be some rules and some set of controls for communication devices. This is why you will probably never see alot of Android devices in the Enterprise space unless the company does not have a security policy for their smartphones. That is not to say that it will never get there but right now it is not there. IPhone is just now getting there since Apple provides utilities to manage the security and be able to remote wipe the devices from a administrative console. This is why Blackberry is still dominant in the enterprise space.

You are correct however the problem is that you assume that all developers are following the common standard so you install a application and never realize that it is sending date because it never prompted you to.

Another poster is absolutely correct, the walled garden vs open garden argument is really stupid. There is benifits to both. Personally since I use my phone for business I could never use an Android device due to security concerns. Also, it is a freaken phone for Christ sakes, if any device you have needs to be reliable and risk free it would have to be your phone since it is the device you go to first for emergency purposes, is used to tether your ass to your job, as well as many other things. Now with smart phones you also have financial information on there. Another article on Toms hardware speaks to Cell phones replacing credit cards. +1 for walled garden for that one alone. There is a place for both aproaches. The open garden needs to provide more security, the walled garden needs to allow more flexibility. At the end of the day, walled or not, it is still a garden and these phones are doing wayyyyyy more than they ever have before. So what is the point of having the debate, buy the phone that fits your needs and enjoy it.

The wall garden versus fully open debate is completely mute point. The most "open" walled garden approach I can surmise has 2 basic functions. First is to prevent sloppy programmers from mucking up the OS; which I consider to be a benign and laudable effort. Second is to minimize malicious intent by attempting to ensure that everyone plays by the same rules; no spyware or other abuse of trust. The 2nd is a lot like posting a security team at a ball-park or having bouncers in front of a night-club. It's an imperfect solution that creates exclusion.

In the case of Apple, they also use the gate-keeper role to weed out rule abusers, to prevent rights infringement, and to provide a minimum threshold of family friendliness.

Which may or may not be fine and dandy but is actually besides the point here people. The truth about gate keepers or security in general is that security really only keeps the honest people honest. The trully depraved and malicious individuals will always find a way around security. This is true in meatspace and it remains true in cyberspace. No amount of effort by any company or government can with-hold the on-slaught of criminal elements that have decided to target you.

True for the most part, however the purpose of having a level of security is not so guarantee protection, it is to provide enough resistance to make the attacker look for an easier target.

"The Wall Street Journal" recently published an article on this, titled "Your Apps Are Watching You":

"An examination of 101 popular smartphone "apps"—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders."

http://online.wsj.com/article/SB10 [...] 74602.html