An Android app that offers free wallpapers is allegedly gathering data about its users, including their phone numbers, carrier subscriber identifiers and phone number of their voicemail accounts. The app then sends this data to a website based in China, says mobile security firm Lookout.
The Android app, called Jackeey, is estimated to have anywhere from 1 to 4 million downloads.
“While the data accessed are certainly suspicious coming from wallpaper apps, we’re not saying that these applications are malicious,” Kevin Mahaffey, founder and CTO of Lookout wrote in an e-mail to Android Central. “There have been cases in the past where the applications are simply a little overzealous in their data-gathering practices, but not because of any ill intent.”
The Jackeey app does not touch the SMS and browsing capabilities of the phone. Lookout made the disclosure at the ongoing Black Hat conference in Las Vegas. (See Wired.com’s Threat Level blog for more coverage of Black Hat.)
Wired.com was not able to contact the developers of the Jackeey wallpapers.
While one Android app has been singled out, many iPhone apps also intrude into the users’ privacy, says Lookout. A survey of 300,000 applications for both the iPhone and Android OS found twice as many free applications on the iPhone have the capability to access the user?s contact data (14 percent) as compared to Android (8 percent).
“Ultimately, the device OS makers should focus on better security,” says Dimitri Volkmann, a vice-president at Good Technology, which provides mobile security and device management for businesses. “It’s more about the maturity of the vendors rather than control vs. open source.”
How the data gathered from users is handled has been a minefield for phone makers. In 2009, a developer found the Palm Pre’s operating-system webOS sent his GPS location back to the company every day. Palm was also monitoring the webOS apps he used each day, and for how long he used each one. The outcry forced Palm to change how it handles data gathered by the OS.
Android app Jackeey’s missteps in handling user data has hurt and embarrassed them. But with thousands of apps in the Android app store and little supervision, it’s just a matter of time before a bigger mobile-security risk has major consequences for consumers.
See Also:
- Apple’s iPhone Security Gets Better, But Still Not BlackBerry
- Google Flips Remote Kill-Switch on Android Apps
- Hacker Says iPhone 3GS Encryption Is ‘Useless’ for Businesses
- Want to Fool Apple’s App Store? Plant an Easter Egg
Photo: (marketingfacts/Flickr)
Full story at http://feeds.wired.com/~r/GearFactor/~3/gakCGG4ALZ4/
Posts
No comments:
Post a Comment