We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Rogue Android apps secretly grab user data

Security experts warn Android users at Black Hat event

A number of popular Google Android applications can reportedly collect your mobile device's personal information and then send that data to a Chinese-owned website. The information in question includes your device's phone number, subscriber identifier number and, in some cases, your voicemail password, according to Phandroid.

The accusation comes from the mobile security firm Lookout made during the company's talk at the Black Hat security conference in Las Vegas. Lookout says the apps in question were made by Jackeey Wallpapers, according to a Venture Beat story.

It's unclear if the app is designed to be malicious and what exactly is done with the data collected. The apps let you download a variety of themed wallpapers including popular brands like Windows 7, The Simpsons, Dragon Ball, Hello Kitty and many more. Google does not post download numbers so it's unclear how many times these apps have been downloaded. But Lookout estimates the number could be as high as 4 million. You can find listings for Jackeey Wallpapers' applications on DoubleTwist's online catalogue of Android apps.

After the data has been collected by the wallpaper app it can be sent to the website, imnet.us, VentureBeat says. In addition to Jackeey Wallpapers, another developer named iceskysl@1sters was also reportedly collecting user data. However, a quick look at the whois registrar information for imnet.us reveals that icesksyl@1sters is likely the developer for Jackeey Wallpapers apps. The whois information says the site is registered to a person based in Shenzhen, China. The registrar information also lists the site's contact organisation as "1sters!" and a webmail address for someone named iceskysl. Attempts to contact the site owner for comment were unsuccessful.

Lookout's discovery is part of the company's recently announced App Genome Project that aims to "map and study mobile applications". The company posted some early findings from the Genome Project earlier this week. The Project cataloged 300,000 mobile applications from the Android Market and iPhone App Store, and scrutinised the code for about 100,000 free mobile apps. Lookout discovered that 14 percent of iPhone apps and 8 percent of Android apps can access a user's contact data. Thirty-three percent of free iPhone applications can access a user's location, as can 29 percent of free Android apps.

All of these apps that can access user data are not necessarily malicious, and often have legitimate reasons for accessing the data. Nevertheless, Lookout believes it is important to know "what mobile applications are doing and use that information to more quickly identify potential security threats."

IDG UK Sites

Samsung Galaxy S6 review: Hands-on with the new Samsung Galaxy. Samsung's flagship is more iPhone-lr......

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Ractive powers The Guardian's interactive infographics – and lets novice coders build complex...

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...