Posted on 07/28/2010 8:16:44 PM PDT by Gomez
A questionable Android mobile wallpaper app, which collects your personal data and sends it to a mysterious site in China, has been downloaded millions of times, according to data unearthed by mobile security firm Lookout.
That means that apps that seem good but are really stealing your personal information are a big risk at a time when mobile apps are exploding on smartphones said John Hering, chief executive, and Kevin MaHaffey, chief technology officer at Lookout, said in their talk at the Black Hat security conference in Las Vegas.
“Even good apps can be modified to turn bad after a lot of people download it,” MaHaffey said. “Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it.”
The app in question came from Jackeey Wallpaper and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system.It includes branded wallpapers from My Little Pony to Star Wars.
“This is something everyone should be vigilant about,” Hering said.
It collects a user’s browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data.
The Lookout executives found the questionable app as part of their App Genome Project. Lookout is a mobile security firm and it logged data from more than 100,000 free Android and iPhone apps as part of the project to analyze how apps behave. It found that the apps access your personal data quite often. On Android, each user is asked if they give their permission to access an app, but on the iPhone, where Apple approves apps, no permission is needed.
The executives also found that many apps use third-party software programs to do things such as feed ads into an app. Often, developers unquestionably use the software development kits of those third parties in their apps, even if they don’t know what they do. The search through the data showed that Jackeey Wallpaper and another developer known as iceskysl@1sters! (which could possibly be the same developer, as they use similar code) were collecting personal data. Roughly 47 percent of Android apps access some kind of third-party code, while 23 percent of iPhone apps do.
Hering said in a press conference afterward that he believes both Google and Apple are on top of policing their app stores, particularly when there are known malware problems with apps. But it’s unclear what happens when apps behave as the wallpaper apps do, where it’s not clear why they are doing what they are doing.
ping
That didn’t take long. What did you expect from Google? They more or less built an empire from doing the same thing.
For the time being I’m making do with a Motorola ROKR i.e. Motorola’s current version of a simple $100 ebay cellphone with a good camera and a gig and a half or two gig of memory.
It isn’t obvious I need more than that and it saves a lot of grief.
ARGH!!
Well, it's immoral to let a fool keep his money, anyway.
Conjugation lesson:
I improve the customer experience.
You harvest user data.
He/She/It embeds spyware.
I agree. My phone is two and a half years old and all I can do it text and talk.
Won't be long before we read about people willing to have electronics implanted in their brains in order to "stay connected" 24 hours a day.
Wow, this is scary. Someone is going to solve this problem of securing data from other apps and make a lot of money. Until then...could be dicey.
But I swore I would never let ‘My Little Pony’ burn me again...
Now we know why Apple “controls” the apps it allows on iPhones and iPods.... to limit the type of crap that is allowed in unrestricted apps.
[chuckle]
ping
Note that trojans are a growing issue for all cell phones, including the iPhone. The best defense is an aware user - promising a phone cannot be infected, or that every app is 100% screened for your protection breaks down the best virus scanner out there - the owner.
I thought you’d find this one interesting, considering your phone background. When I read it, I thought about all the mentions you’d made about phone apps accessing the system without restraint.
Yep, it is an issue. I personally think the best solution is what Android does - you can install anything you like (there’s no way to screen apps successfully, as the [benign]trojan for the iPhone I linked above shows), but you have to agree to the access the app needs.
Hmmm, a wallpaper app that needs network access and browsing history? I don’t think so! But just like in the computer world where you get people who will click on “OPEN THIS ZIP FILE FOR YOUR UPS TRACKING INFO!!!” you will get people who will download and install trojans on their phone.
It’s not a weakness of the phone, it’s a weakness of the user. And trying to protect dumb users from themselves is ALWAYS a losing effort.
Tell the user what the app needs, so the user needs to explicitly authorize that access, and then be done with it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.