Black Hat: Android wallpaper apps could be stealing data

Powered by SC Magazine
 

Too many apps access personal information.

A team of mobile security researchers has found that popular wallpaper programs are capable of harvesting large amounts of personal data.

The researchers at Lookout found that several Android wallpaper applications can gather the number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone.

"While this sort of data collection from a wallpaper application is certainly suspicious, there's no evidence of malicious behaviour," said the company in a blog post.

"There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent."

The apps in question came from two developers: 'jackeey,wallpaper', whose developer name has changed to 'callmejack' since the research was released, and 'IceskYsl@1sters!'. The applications do send data back to a central server, but Lookout said that this is not necessarily suspicious.

Lookout has also provided more details about its App Genome Project, which will scan 300,000 pieces of software to build the biggest dataset on mobile applications.

The preliminary results show that 47 percent of free Android apps contain third-party code, compared to 23 percent on the iPhone. Some 29 percent of Android applications and a third of Apple applications can access a user's location.

Nearly twice as many free applications have the capability to access contact data on the iPhone (14 percent) compared to Android (eight percent).

Copyright ©v3.co.uk


Black Hat: Android wallpaper apps could be stealing data
 
 
 
Top Stories
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
Photos: AISA National Conference 2014
Highlight's from Australia's volunteer-run information security event.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  12%
 
Software development
  27%
TOTAL VOTES: 233

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 72

Vote