Not too long ago we discussed keeping your Android device safe from malicious attacks; the general advice was that it doesn’t hurt to take a moment to look at what that cool app is requesting access to, before you download it. This week at the Blackhat security conference, a company by the name of Lookout detailed an app on the market that was extremely questionable in nature:
During our research, we found series of wallpaper applications in the Android Market are gathering seemingly unnecessary data. The wallpaper applications that we analyzed transmitted several pieces of sensitive data to a server over an unencrypted network connection. The data included the device’s phone number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone (see below for technical details). While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior. There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent.
To be clear, while a simple wallpaper app needs access to such data is very suspect, as of this posting nothing malicious has been discovered in connection with the apps in question. Still, it’s a reminder of just how easily one can open their device to unauthorized access. While various figures are being used for the total number of app downloads, the smallest number being mentioned is 50,000. There are plenty of security apps to choose from to help keep your data safe, including one from Lookout.
Source: MyLookout blog