Print 29 comment(s) - last by CZroe.. on Jul 31 at 6:19 PM

Lookout security executives presented at the Black Hat conference in Las Vegas their discovery that a popular Android app stole user info.  (Source: VentureBeat)

Millions of users expected My Little Pony and other wallpapers, but ended up getting their passwords stolen.  (Source: Mike to the Max)
Personal information may be exploited for nefarious purposes

If you download Jackeey Wallpaper from Google's Android Market for your smartphone, you might want to start worrying just about now.  The popular app has been exposed as potentially being a piece of malware designed to steal your personal info and send it to China.

John Hering, chief executive, and Kevin MaHaffey, chief technology officer at Lookout, a mobile security firm, revealed the stunning news at their presentation at the Black Hat security conference in Las Vegas today.  States MaHaffey, "Even good apps can be modified to turn bad after a lot of people download it.  Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it."

Jackeey Wallpaper was downloaded millions of times (between 1.1 million and 4.6 million to be precise).  It offers popular wallpapers, such as My Little Pony and 
Star Wars.  Other apps by developer iceskysl@1sters are also collecting similar info.

The app collects your phone’s SIM card number, subscriber identification, and even your voicemail password and sends it to -- a website owned by someone in Shenzhen, China.

The app warns when attempting to access your "phone info", but many users have reportedly ignored this vague warning.  At least Android has 
some warning on its approved apps though -- there's no warning on approved apps trying to access your private data on the iPhone/iPad.  Users can disable apps ability to access personal data in their Apple device's settings manually, though.

Lookout has studied over 100,000 Apple and Android apps and has found that 47 percent of Android apps and 23 percent of iPhone apps collect some sort of user information.  Some uses appear to be not directly malicious, such as collecting location information to target ads.

The security firm says that Apple and Google are doing a good job policing overtly malicious apps, but that they're having trouble handling apps who behave in a strange, but unclear fashion.  For example no one knows yet whether the Jackeey Wallpaper app did anything malicious with users' voicemail passwords.

App security issues came in to sharp focus over the last month when at least hundreds of iTunes accounts were hacked and app and in-app purchases racked up as much as $1,000 on some users accounts.  Apple was unsympathetic about the incident, suggesting users resolve it with their credit card companies.  Some of the companies didn't even have iPhones, but Apple apparently does not consider this when allowing app purchases.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Are you kidding me?
By behemothzero on 7/29/2010 1:57:24 PM , Rating: 5
Jackeey Wallpaper was downloaded millions of times (between 1.1 million and 4.6 million to be precise )

Where's the "precise" in a range of 1.1 million to 4.6 million?

RE: Are you kidding me?
By InvertMe on 7/29/2010 2:00:16 PM , Rating: 2
I think they were kidding you - I assumed it was joke.

RE: Are you kidding me?
By melgross on 7/29/2010 2:19:18 PM , Rating: 2
Unlike the Apple App Store, the Android market doesn't give good numbers on apps downloaded. They really don't know the number of these apps out there, just that it's somewhere between those numbers.

RE: Are you kidding me?
By ZoZo on 7/29/2010 2:28:06 PM , Rating: 2
Precision is a relative concept.
A range of 1.1m to 4.6m is more precise than the range that "millions" refers to (roughly 1m to 20m, above that range people tend to switch to something else, like "tens of millions").

RE: Are you kidding me?
By leexgx on 7/30/2010 9:02:34 PM , Rating: 2
think they mean 1m on Android and 4m on iphone

RE: Are you kidding me?
By JPForums on 7/30/2010 7:28:31 AM , Rating: 3
Where's the "precise" in a range of 1.1 million to 4.6 million?

It's plenty precise. It equates to about 2.85 million downloads with a variance of only 1.75 million. The variance in downloads is only 61.4% of the nominal ... Oh, wait.

"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki