Android Wallpaper App That Steals Data Downloaded By Millions

Editor’s Note: This app shows “no evidence of malicious behavior,” researchers say.  It is, however, being regarded as suspicious.  Read about that here.

According to mobile security firm Lookout, a questionable Android wallpaper app that collects data and sends it to a mysterious website based in China has been downloaded by millions of users.

Apps that seem good but could actually be stealing your data are a huge risk as mobile apps are skyrocketing on smartphones, said John Hering, chief executive, and Kevin MaHaffey, chief technology officer of Lookout, in their talk at the Black Hat security conference yesterday.  

“Even good apps can be modified to turn bad after a lot of people download it,” said MaHaffey.  “Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it.”

This particular application came from Jackeey Wallpaper, and it was uploaded to the Android Market, where millions of users have already downloaded it.  Users install the app to decorate their Android phone with one of the wallpapers that come with the app.

It collects your your phone’s SIM card number, subscriber identification, and your voicemail password, if it is programmed into your phone.  All of this data is sent to a website, www.imnet.us.  The website is owned by someone in Shenzhen, China.  The app has been downloaded between 1 and 5 million times (the Market does not provide exact numbers).  When you download the app, it requests permission to access “Phone Calls,” but that doesn’t really give you a clear warning that your data is about to be stolen.

According to Lookout, 47 percent of Android apps access some kind of third-party code, while 23 percent of iPhone apps do.  This third party code is often used for serving ads within the app.  Often, apps will need access to that extra information to better gear ads toward you.  For example, knowing your location helps serve ads of businesses in your area.

Hering said that Google and Apple are both good at policing their app stores and fighting malware, but it’s hard to say what will happen to an app like this, when it’s unclear why it’s doing what it’s doing.

[MobileBeat, Lookout]

Advertisements

2 Responses to Android Wallpaper App That Steals Data Downloaded By Millions

  1. Something definitely needs to be done about the Android spyware problem.

    http://misterreiner.wordpress.com/2010/07/29/android-needs-a-chastity-belt/

  2. Pingback: Suspicious Android Wallpaper App Shows “No Evidence Of Malicious Behavior,” Say Researchers « United Tech Guys

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s