SECURITY ALERT: Android wallpaper app that steals your data was downloaded by million

[dogie678]

this is why Android phones suck.

questionable Android mobile wallpaper app that collects your personal data and sends it to a mysterious site in China, has been downloaded millions of times.

http://mobile.venturebeat.com/2010/...-steals-your-data-was-downloaded-by-millions/

 

[doboy]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)

That was my fear all along about android os. It'll be much worse in no time.

 

[Bobby Corwen]

Thats scary actually. Im returning my Android and getting an iPhone 4 with a bumper.

 

[Stay Tuned]

Perhaps you should post this on an android for then instead of an IPHONE FORUM?

 

[doboy]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)

Thats scary actually. Im returning my Android and getting an iPhone 4 with a bumper.

For real or being sarcastic?

 

[stridemat]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)



For real or being sarcastic?

I would guess they are being sarcastic.

 

[bigsexyy81]

I'm not sitting here saying that Apple goes through a seriously thorough review of every app that comes across their plate, but at least they say they do and I have something to fall back on. I'd be shocked if there weren't a crapton of apps doing this on Android.

 

[doboy]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)

Perhaps you should post this on an android for then instead of an IPHONE FORUM?

He can post it anywhere he wants. I have both iPhone 4 and Samsung Vibrant, but mainly hang out at Macrumors. Still deciding on which phone to keep

 

[dogie678]

More details. http://www.appleinsider.com/article...id_users_hit_by_malicious_data_theft_app.html

An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store.

The exploit, tied to an app that appeared to simply load free custom background wallpapers, was downloaded "anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data," according to a report by Dean Takahashi of VentureBeat.

The app "collects a user’s browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China," the report noted.

 

[macfan881]

I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.

 

[dogie678]

I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.

its already on Techmeme, Appleinsider, Venturebeat, financial times, eWeek, Technologizer, Techflash, etc.

 

[eaglesteve]

They also stole my entire contact database without my permission when I used a application called MyBackup. The application pretended that the backup is only from the phone to e SD card. But when I restored, everything was sent to the cloud, and not my phone. Luckily I didn't trust Android to use it for my eWallet, and accounting application yet.

They have no respect for privacy there.

 

[dogie678]

that sucks.

 

[SonoViva]

Watch Steve Jobs' reaction, starting at 0:05.

http://www.youtube.com/watch?v=v9vyE5IjT0w

 

[Fernandez21]

I'm all for apple monitoring the app store for stuff like this and for apps that don't fun right, I just wish they would stop censoring.

 

[dogie678]

I'm all for apple monitoring the app store for stuff like this and for apps that don't fun right, I just wish they would stop censoring.

you can always use an Android phone

 

[Lotso]

I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.

I think the Internet would inevitably explode if it was on Apple's store. This will like just get a 10 second mention on tomorrows news. Maybe Google will offer security "bumpers" now.

 

[sciwizam]

I wonder to what processes this app asked for permissions to access. If your wallpaper app was asking permissions to unnecessary stuff and you went ahead and installed it, PEBKAC.

 

[jaykk]

I think the Internet would inevitably explode if it was on Apple's store. This will like just get a 10 second mention on tomorrows news. Maybe Google will offer security "bumpers" now.

I guess there are vested interest and co-ordinated attack against apple. They want to see Apple fail, so that they can go back to old virus ridden windows style world or even DOS days.

 

[ChazUK]

I've just done a quik check of permissions reqested on one of the suspected wallpaper apps and something does seem fishy:

Storage and Network communication permissions make sense (needs to write wallpaper to SD card and needs to download wallpapers) but the location and phonecalls one seems odd (unless the phonecalls was to quit the app once a call was initiated and the location was for analytics).

I thought I'd compare with two apps that genuinely have reason to access SMS/Contact info and the permissions requested are very different (Chomp SMS and Phonebook 2.0):

On the jackey wallpaper app there was no mention of accessing phone numbers, SMS messages or personal information.

This puts me off too:

The data theft was only discovered afterward, through forensics performed by mobile security firm named Lookout which sells virus and malware protection software for Android, Windows Mobile and BlackBerry devices.

They have something to sell and they have nasty stories of malware on Android.

All of it seems odd to me but one word of warning, always check the permissions requested before installing an app.

 

[Vegastouch]

So what is the App called? I didnt see a mention of it.

 

[dogie678]

This puts me off too:

They have something to sell and they have nasty stories of malware on Android.

That doesn't mean they're wrong. Android phones are insecure. and thats a fact.

 

[ChazUK]

So what is the App called? I didnt see a mention of it.

"The app in question came from Jackeey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system. It includes branded wallpapers from My Little Pony and Star Wars, to name just a couple."

Except it isn't a single app, the dev has many wallpaper apps on there:

 

[doboy]

Sure you can check the permissions, but most people aren't going to look over that and even if they do, there are not going to know what's appropriate for a particular app.

Edited: also can't the developers just lie about the permissions?

 

[ChazUK]

That doesn't mean they're wrong. Android phones are insecure. and thats a fact.

If you actually look into what you are installing, any insecurities are avoidable. The very fact that Jackey Wallpapers apps do not request SMS info means I will wait before worrying (not that I use a wallpaper app at all).

Contact theft isn't impossible on iOS either: http://www.appleiphoneschool.com/2008/07/24/aurora-feint-removed-from-app-store/