SECURITY ALERT: Android wallpaper app that steals your data was downloaded by million

[Pushkar]

I bet this is Apple's attempt at discrediting the Android after Google & Co. orchestrated the iPhone 4 AntennaGate.


The PR war is not over by a long shot.

The funniest post I have seen in a long time, Fanboy much?

I'm sure Apple released an app that steals personal info from Android phones .

I'm sure there's more than discredit, this would put me off my iPhone if it happened to Apple, i'm sure some Android users will feel the same.

 

[SmackP]

android Is the new Windows you will see

Full of spyware

I agree, CIA....I mean Google's Android is a spy device.

But so is the iPhone (go to Settings->General->About->Legal).

This is simply a battle between Darth Vader and the Emperor - two evil guys wanting to dominate the spy on the citizen market.

No goodies here...

 

[maflynn]

Its sad to see this on any platform. I'm not minimizing the impact, and google does need to implement some level of over sight. Still, it can and does occur on any platform. iOs has the potential for malware as well.

As an aside, I find it interesting that many people here seem to have some sort of inferiority complex with the android platform. I mean any bad news about android, and the threads explode. To be honest, I don't see anything like this on android forums with the iPhone. Yeah the odd post about iPhones not being able to make a phone call, but nothing like a 3+ page thread.

While it seems many people are taking delight in seeing malware, and folks private data being stolen, I'm not one of them. It doesn't please me, if it happens on an iPhone, nor an android based phone.

One size doesn't fit all, and while the iPhone is a great phone, android fits a need that the IP4 doesn't. Yet many people get so defensive, i.e., fanboyism when someone uses a different product.

 

[Pushkar]

Its sad to see this on any platform. I'm not minimizing the impact, and google does need to implement some level of over sight. Still, it can and does occur on any platform. iOs has the potential for malware as well.

As an aside, I find it interesting that many people here seem to have some sort of inferiority complex with the android platform. I mean any bad news about android, and the threads explode. To be honest, I don't see anything like this on android forums with the iPhone. Yeah the odd post about iPhones not being able to make a phone call, but nothing like a 3+ page thread.

While it seems many people are taking delight in seeing malware, and folks private data being stolen, I'm not one of them. It doesn't please me, if it happens on an iPhone, nor an android based phone.

One size doesn't fit all, and while the iPhone is a great phone, android fits a need that the IP4 doesn't. Yet many people get so defensive, i.e., fanboyism when someone uses a different product.

I'm glad you share a common view to me, It's personal data lost so it's bad for anyone associated with the app. But I don't think it's 'exploded' as such, in contrast any problem associated (no matter how big or small) with Apple, everyone explodes, whereas with 1-3m users who have had their data possibly stolen, nothing really happens...

As you said, I have no pleasure in seeing Android, iOS or any such platforms having problems.

 

[Oletros]

Update from http://phandroid.com/2010/07/29/another-app-stealing-data

[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device’s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail’s password is also not transmitted unless you included the password in your phone’s voicemail number field.
We’re not yet certain on what the developer’s intentions are for using the pieces of data it does send to China – so we can’t outright call it malicious – but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone’s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data.

 

[ChazUK]

Update from http://phandroid.com/2010/07/29/another-app-stealing-data

Just as I suspected earlier. The permissions screen shots I posted showed me that the apps do not have permission to read SMS/Contact info.

Another bullcrap story from the media.

 

[Shorts.]

Just as I suspected earlier. The permissions screen shots I posted showed me that the apps do not have permission to read SMS/Contact info.

Another bullcrap story from the media.

I doubt its bullcrap. just because your obessed with google and android doesnt mean there system is perfect.. people seem to be saying BOTH have flaws but you seem to be on the NO way it doesnt have flaws fence .. whatever suits you . no matter how much you try and convince yourself andriod is better. you know deep down the iphone 4 is the best .

 

[rwilliams]

I find it Ironic that this is not on any of the big name tech blogs yet but if this was on the iPhone you'd be hearing on everysite and ESPN.

How is that ironic?

 

[ChazUK]

I doubt its bullcrap. just because your obessed with google and android doesnt mean there system is perfect.. people seem to be saying BOTH have flaws but you seem to be on the NO way it doesnt have flaws fence .. whatever suits you . no matter how much you try and convince yourself andriod is better. you know deep down the iphone 4 is the best .

I'm not trying to say one is better than the other, both systems are equally flawed. I protect myself by looking at the permissions apps use when installing, as I suggested earlier. The very fact I choose to educate people about the permissions warnings in Android is admission of an imperfect system in itself.

All we have now is a developer who has been publicly accused of stealing browsing history/contact details when it is looking like it isn't true. I'd be pissed if I were that person.

Are you going to now say that the people at Phandroid made up the update from Lookout? I've looked into the issue, posted my doubts with evidence (which seem to have turned out to be correct), if you can prove wrong and can prove that the dev has been stealing SMS/Browsing history and contact info, please do.

EDIT: It's the very same poor media reporting that has put Apple into the limelight regarding the iPhone4 reception issues, making it seem worse than it really is.

 

[yg17]

How is that ironic?

It's like rain on your wedding day. It's a free ride when you've already paid.




And now I'm going to kill myself for knowing lyrics to that song.

 

[ChazUK]

It's like rain on your wedding day. It's a free ride when you've already paid.




And now I'm going to kill myself for knowing lyrics to that song.

Would you like some good advice, that you just can't take?

 

[dogie678]

It's on techmeme, engadget, gizmodo, etc.

Android is the Windows of Mobile. Crappy and insecure.

 

[rwilliams]

It's on techmeme, engadget, gizmodo, etc.

Android is the Windows of Mobile. Crappy and insecure.

But just like Windows, a little common sense will go a long way towards keeping your device free of malware and such.

 

[mcdj]

But just like Windows, a little common sense will go a long way towards keeping your device free of malware and such.

And just like Windows, it attracts millions with no common sense.

 

[lilo777]

iPhone owners dont need to worry about all those things.


nice mentioning an article from 2008. the app was removed from the App store. and by the way, this Android hole stole contact lists, text messages,etc.

Stop this PR. Have you not heard about recent case where Flashlight application for iPhone was doing much more than it was supposed to (i.e. tethering). It could have as well be doing spying. Apple does not have a good way of preventing this. If anything iPhone user is in even worse shape than their Android counterparts because (probably due to presumed security of App store) iOS does not have any permission system or at least user is not allowed to see it. Android user gets full information about the permission requested/granted to installed application. If wallpaper asks you for a permission to network access you should be suspicious.

And here is a new interesting fact/article: What Is Apple Secretly Downloading From Your iPhone at Night? It turns out that Apple downloads tons of data (tens of megabytes) from your phone every night. Enjoy.

 

[Chwisch87]

And this is why we don't buy android phones.

Steve Jobs - "freedom from viruses, programs that steal your data" that is iOS 4

 

[lilo777]

And just like Windows, it attracts millions with no common sense.

Have you thought about what "common sense" means? By definition, "common sense" can not be a prerogative of a niche platform.

 

[bumzo1]

As an aside, I find it interesting that many people here seem to have some sort of inferiority complex with the android platform. I mean any bad news about android, and the threads explode. To be honest, I don't see anything like this on android forums with the iPhone. Yeah the odd post about iPhones not being able to make a phone call, but nothing like a 3+ page thread.

That's because all of the people from the android forums come over here to start a fight...

 

[steve knight]

we are foolish to think think that if you have an iphone your safe.
What your phone app doesn't say: It's watching
Story user rating:

JORDAN ROBERTSON
Published: Yesterday

LAS VEGAS (AP) - Your smart phone applications are watching you - much more closely than you might like.

Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.'s iPhone and phones built around Google Inc.'s Android software. It found that many of them secretly pull sensitive data off users' phones and ship them off to third parties without notification.

That's a major concern that has been bubbling up in privacy and security circles.

The data can include full details about users' contacts, their pictures, text messages and Internet and search histories. The third parties can include advertisers and companies that analyze data on users.

The information is used by companies to target ads and learn more about their users. The danger, though, is that the data become vulnerable to hacking and use in identity theft if the third party isn't careful about securing the information.

Lookout reported its findings this week in conjunction with the Black Hat computer security conference in Las Vegas.

Lookout found that nearly a quarter of the iPhone apps and almost half the Android apps contained software code that contained those capabilities.

The code had been written by the third parties and inserted into the applications by the developers, usually for a specific purpose, such as allowing the applications to run ads. But the code winds up forcing the application to collect more data on users than even the developers may realize, Lookout executives said.

"We found that not only users, but developers as well, don't know what's happening in their apps, even in their own apps, which is fascinating," said John Hering, CEO of the San Francisco-based Lookout.

Part of the problem is smart phones don't alert users to all the different types of data the applications running on them are collecting. IPhones only alert users when applications want to use their locations.

And while Android phones offer robust warnings when applications are first installed, many people breeze through them for the gratification of using the apps quickly. Google said it tries to limit users' risk with the warnings but consistently advises users to only install apps they trust.

Apple didn't respond to a request for comment on Lookout's research.

 

[Polarian Method]

How exactly do you "send data to a web site"?

There are a wide variety of file upload capabilities supported by the HTTP protocol (WebDAV, XMLRPC, POST, etc.).

 

[pflau]

I'm not sitting here saying that Apple goes through a seriously thorough review of every app that comes across their plate, but at least they say they do and I have something to fall back on. I'd be shocked if there weren't a crapton of apps doing this on Android.

Apple can always remote kill an App.

With Android, because of the open architecture, once you got an app on their phone, it's is impossible to remove.

 

[pflau]

I protect myself by looking at the permissions apps use when installing, as I suggested earlier.

YOU protect yourself. Don't speak for the average Android users who are stuck with Android on their phones because it is free for the cellphone makers.

The average users don't know better and when they find out they got all their private data stolen they would just throw their POS phones at the wall.

 

[Daveoc64]

Apple can always remote kill an App.

With Android, because of the open architecture, once you got an app on their phone, it's is impossible to remove.

The Android Marketplace has the exact same remote kill functionality.

If you install an application manually then that doesn't apply, but there are very few situations where you would do that.

 

[fsck-y dingo]

Wirelessly posted (Mozilla/5.0 (Linux; U; Android 2.2; en-gb; Nexus One Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1)



2008 or not, it happened and didn't we recently have an app approved that let people use their phones internet connection tethered to their computer?
Why didn't apple stop that from happening before approving it?

Apple's system is tighter, but mistakes can happen even on their side too.

To be fair and honest about things, this is true. No OS is 100% secure because none of the people creating them are perfect.

 

[dogie678]

To be fair and honest about things, this is true. No OS is 100% secure because none of the people creating them are perfect.

but this is WAYYY WAYYYY more likely to happen on android phones the same way there are WAYYY WAYY more viruses/spywares/trojans on Windows than MAC OS X.


like i said before...

Android = Windows of Mobile.