backtop


Print 29 comment(s) - last by CZroe.. on Jul 31 at 6:19 PM


Lookout security executives presented at the Black Hat conference in Las Vegas their discovery that a popular Android app stole user info.  (Source: VentureBeat)

Millions of users expected My Little Pony and other wallpapers, but ended up getting their passwords stolen.  (Source: Mike to the Max)
Personal information may be exploited for nefarious purposes

If you download Jackeey Wallpaper from Google's Android Market for your smartphone, you might want to start worrying just about now.  The popular app has been exposed as potentially being a piece of malware designed to steal your personal info and send it to China.

John Hering, chief executive, and Kevin MaHaffey, chief technology officer at Lookout, a mobile security firm, revealed the stunning news at their presentation at the Black Hat security conference in Las Vegas today.  States MaHaffey, "Even good apps can be modified to turn bad after a lot of people download it.  Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it."

Jackeey Wallpaper was downloaded millions of times (between 1.1 million and 4.6 million to be precise).  It offers popular wallpapers, such as My Little Pony and 
Star Wars.  Other apps by developer iceskysl@1sters are also collecting similar info.

The app collects your phone’s SIM card number, subscriber identification, and even your voicemail password and sends it to www.imnet.us -- a website owned by someone in Shenzhen, China.

The app warns when attempting to access your "phone info", but many users have reportedly ignored this vague warning.  At least Android has 
some warning on its approved apps though -- there's no warning on approved apps trying to access your private data on the iPhone/iPad.  Users can disable apps ability to access personal data in their Apple device's settings manually, though.

Lookout has studied over 100,000 Apple and Android apps and has found that 47 percent of Android apps and 23 percent of iPhone apps collect some sort of user information.  Some uses appear to be not directly malicious, such as collecting location information to target ads.

The security firm says that Apple and Google are doing a good job policing overtly malicious apps, but that they're having trouble handling apps who behave in a strange, but unclear fashion.  For example no one knows yet whether the Jackeey Wallpaper app did anything malicious with users' voicemail passwords.

App security issues came in to sharp focus over the last month when at least hundreds of iTunes accounts were hacked and app and in-app purchases racked up as much as $1,000 on some users accounts.  Apple was unsympathetic about the incident, suggesting users resolve it with their credit card companies.  Some of the companies didn't even have iPhones, but Apple apparently does not consider this when allowing app purchases.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Tragic
By geddarkstorm on 7/29/2010 2:42:49 PM , Rating: 5
Or even worst: Twilight posters.


RE: Tragic
By JonB on 7/30/2010 9:00:44 AM , Rating: 4
You are obviously not on Team Edward!


"This is about the Internet.  Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki