SECURITY ALERT: Android wallpaper app that steals your data was downloaded by million

doboy

macrumors 68020
Jul 6, 2007
2,478
962
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)

That was my fear all along about android os. It'll be much worse in no time.
 

doboy

macrumors 68020
Jul 6, 2007
2,478
962
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)

Bobby Corwen said:
Thats scary actually. Im returning my Android and getting an iPhone 4 with a bumper.
For real or being sarcastic?
 

stridemat

Moderator
Staff member
Apr 2, 2008
11,211
638
UK
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)



For real or being sarcastic?
I would guess they are being sarcastic.
 

bigsexyy81

macrumors 6502a
May 2, 2010
626
0
I'm not sitting here saying that Apple goes through a seriously thorough review of every app that comes across their plate, but at least they say they do and I have something to fall back on. I'd be shocked if there weren't a crapton of apps doing this on Android.
 

doboy

macrumors 68020
Jul 6, 2007
2,478
962
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.1-update1; en-us; SGH-T959 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17)

Stay Tuned said:
Perhaps you should post this on an android for then instead of an IPHONE FORUM?
He can post it anywhere he wants. I have both iPhone 4 and Samsung Vibrant, but mainly hang out at Macrumors. Still deciding on which phone to keep :)
 

dogie678

macrumors regular
Original poster
Jun 27, 2010
171
0
More details. http://www.appleinsider.com/article...id_users_hit_by_malicious_data_theft_app.html

An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store.

The exploit, tied to an app that appeared to simply load free custom background wallpapers, was downloaded "anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data," according to a report by Dean Takahashi of VentureBeat.

The app "collects a user’s browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site, http://www.imnet.us. That site is evidently owned by someone in Shenzhen, China," the report noted.
 

macfan881

macrumors 68020
Feb 22, 2006
2,345
0
I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.:rolleyes:
 

dogie678

macrumors regular
Original poster
Jun 27, 2010
171
0
I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.:rolleyes:

its already on Techmeme, Appleinsider, Venturebeat, financial times, eWeek, Technologizer, Techflash, etc.
 

eaglesteve

macrumors 6502
Aug 10, 2009
466
0
They also stole my entire contact database without my permission when I used a application called MyBackup. The application pretended that the backup is only from the phone to e SD card. But when I restored, everything was sent to the cloud, and not my phone. Luckily I didn't trust Android to use it for my eWallet, and accounting application yet.

They have no respect for privacy there.
 

Fernandez21

macrumors 601
Jun 16, 2010
4,662
2,907
I'm all for apple monitoring the app store for stuff like this and for apps that don't fun right, I just wish they would stop censoring.
 

Lotso

macrumors 6502
Jul 21, 2010
341
0
OC, California
I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.:rolleyes:
I think the Internet would inevitably explode if it was on Apple's store. This will like just get a 10 second mention on tomorrows news. Maybe Google will offer security "bumpers" now.
 

sciwizam

macrumors regular
Jul 10, 2010
181
0
I wonder to what processes this app asked for permissions to access. If your wallpaper app was asking permissions to unnecessary stuff and you went ahead and installed it, PEBKAC.
 

jaykk

macrumors 6502a
Jan 5, 2002
854
5
CA
I think the Internet would inevitably explode if it was on Apple's store. This will like just get a 10 second mention on tomorrows news. Maybe Google will offer security "bumpers" now.
I guess there are vested interest and co-ordinated attack against apple. They want to see Apple fail, so that they can go back to old virus ridden windows style world or even DOS days.
 

ChazUK

macrumors 603
Feb 3, 2008
5,390
24
Essex (UK)
I've just done a quik check of permissions reqested on one of the suspected wallpaper apps and something does seem fishy:

Storage and Network communication permissions make sense (needs to write wallpaper to SD card and needs to download wallpapers) but the location and phonecalls one seems odd (unless the phonecalls was to quit the app once a call was initiated and the location was for analytics).

I thought I'd compare with two apps that genuinely have reason to access SMS/Contact info and the permissions requested are very different (Chomp SMS and Phonebook 2.0):


On the jackey wallpaper app there was no mention of accessing phone numbers, SMS messages or personal information.

This puts me off too:
The data theft was only discovered afterward, through forensics performed by mobile security firm named Lookout which sells virus and malware protection software for Android, Windows Mobile and BlackBerry devices.
They have something to sell and they have nasty stories of malware on Android.

All of it seems odd to me but one word of warning, always check the permissions requested before installing an app.
 

ChazUK

macrumors 603
Feb 3, 2008
5,390
24
Essex (UK)
So what is the App called? I didnt see a mention of it.
"The app in question came from Jackeey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system. It includes branded wallpapers from My Little Pony and Star Wars, to name just a couple."

Except it isn't a single app, the dev has many wallpaper apps on there:
 

doboy

macrumors 68020
Jul 6, 2007
2,478
962
Sure you can check the permissions, but most people aren't going to look over that and even if they do, there are not going to know what's appropriate for a particular app.

Edited: also can't the developers just lie about the permissions?
 

ChazUK

macrumors 603
Feb 3, 2008
5,390
24
Essex (UK)
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.