A questionable Android mobile wallpaper app that collects your personal data and sends it to a mysterious site in China, has been downloaded millions of times, according to data unearthed by mobile security firm Lookout.
That means that apps that seem good but are really stealing your personal information are a big risk at a time when mobile apps are exploding on smartphones, said John Hering, chief executive, and Kevin MaHaffey, chief technology officer at Lookout, in their talk at the Black Hat security conference in Las Vegas today“Even good apps can be modified to turn bad after a lot of people download it,” MaHaffey said. “Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it.” The app in question came from Jackeey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system. It includes branded wallpapers from My Little Pony and Star Wars, to name just a couple. t collects your browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voicemail password. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China The app has been downloaded anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data. The search through the data showed that Jackeey Wallpaper and another developer known as icesk...@1sters! (which could possibly be the same developer, as they use similar code) were collecting personal data. The wallpaper app asks for “phone info,” but that isn’t necessarily a clear warning. The Lookout executives found the questionable app as part of their App Genome Project. Lookout is a mobile security firm, and it logged data from more than 100,000 free Android and iPhone apps as part of the project to analyze how apps behave. It found that the apps access your personal data quite often. On Android, each user is asked if they give their permission to access an app, but on the iPhone, where Apple approves apps, no permission is needed. Roughly 47 percent of Android apps access some kind of third-party code, while 23 percent of iPhone apps do. The executives also found that many apps use third-party software programs to do things such as feed ads into an app. Often, developers unquestioningly use the software development kits of those third parties in their apps, even if they don’t know what they do. In many cases, there is a good reason for the use of personal information. Ads, for instance, can be better targeted if the app knows a user’s location. Hering said in a press conference afterward that he believes both Google and Apple are on top of policing their app stores, particularly when there are known malware problems with apps. But it’s unclear what happens when apps behave as the wallpaper apps do, where it’s not clear why they are doing what they are doing. http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/ °I'm not God but I use G.O.T° -- "Indonesian Android Community [id-android]" Join: http://groups.google.com/group/id-android/subscribe?hl=en-GB Moderator: [email protected] ID Android Developer: http://groups.google.com/group/id-android-dev ID Android Surabaya: http://groups.google.com/group/id-android-sby ID Android on FB: http://www.facebook.com/group.php?gid=112207700729
