We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,630 News Articles

Rogue Android apps secretly grab user data

Security experts warn Android users at Black Hat event

A number of popular Google Android applications can reportedly collect your mobile device's personal information and then send that data to a Chinese-owned website. The information in question includes your device's phone number, subscriber identifier number and, in some cases, your voicemail password, according to Phandroid.

The accusation comes from the mobile security firm Lookout made during the company's talk at the Black Hat security conference in Las Vegas. Lookout says the apps in question were made by Jackeey Wallpapers, according to a Venture Beat story.

It's unclear if the app is designed to be malicious and what exactly is done with the data collected. The apps let you download a variety of themed wallpapers including popular brands like Windows 7, The Simpsons, Dragon Ball, Hello Kitty and many more. Google does not post download numbers so it's unclear how many times these apps have been downloaded. But Lookout estimates the number could be as high as 4 million. You can find listings for Jackeey Wallpapers' applications on DoubleTwist's online catalogue of Android apps.

After the data has been collected by the wallpaper app it can be sent to the website, imnet.us, VentureBeat says. In addition to Jackeey Wallpapers, another developer named iceskysl@1sters was also reportedly collecting user data. However, a quick look at the whois registrar information for imnet.us reveals that icesksyl@1sters is likely the developer for Jackeey Wallpapers apps. The whois information says the site is registered to a person based in Shenzhen, China. The registrar information also lists the site's contact organisation as "1sters!" and a webmail address for someone named iceskysl. Attempts to contact the site owner for comment were unsuccessful.

Lookout's discovery is part of the company's recently announced App Genome Project that aims to "map and study mobile applications". The company posted some early findings from the Genome Project earlier this week. The Project cataloged 300,000 mobile applications from the Android Market and iPhone App Store, and scrutinised the code for about 100,000 free mobile apps. Lookout discovered that 14 percent of iPhone apps and 8 percent of Android apps can access a user's contact data. Thirty-three percent of free iPhone applications can access a user's location, as can 29 percent of free Android apps.

All of these apps that can access user data are not necessarily malicious, and often have legitimate reasons for accessing the data. Nevertheless, Lookout believes it is important to know "what mobile applications are doing and use that information to more quickly identify potential security threats."


IDG UK Sites

Nokia Lumia 930 review: The flagship Windows Phone 8.1 smartphone

IDG UK Sites

Live Blog: Apple financial results, record June quarter, 35.2m iPhones sold, $37.4b revenue

IDG UK Sites

Welcome to the upgrade cycle - you'll never leave

IDG UK Sites

Why smartphone screens are getting bigger