A content research programme conducted by security firm Lookout has identified a malicious app that has been downloaded by millions from the app market. It's a wallpaper app developed by Jackeey Wallpaper. It's allegedly collecting data such as SIM card numbers, text messages, subscriber identification, and voicemail passwords which it then sends to www.imnet.us from Shenzen, China. Google have been notified.
Ambrose_1: Wouldn't it have come up in that warning when you install a app from the market? or is it up to the developer to disclose that information?
Yes, the app apparently asks for permissions. Seems like most people just hit OK without really reading stuff though. On that basis, there'll never be a secure smartphone.
It turns out that the severity of the data theft was exaggerated in the original report and the security company has back-pedalled on its original claims. Not that I'd download the app given the dev's choosing to build in functions that a wallpaper switcher doesn't need in any shape or form.
I'd stay clear of anything from Jackyee regardless. Obviously not a trustworthy source.
Galaxy S has gone to its new owner. HTC Sensation has gone to its new owner. Galaxy S3 has gone to its new owner. Now using Galaxy Note 3. Skipping Note 4 I think...
The folks at this security company should leave the security business... They issued a "revised statement"
"While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent."
Idiots, probably just trying to promote their own "security" software/services later as "Android specialists". Now just idiots.
freitasm: The folks at this security company should leave the security business... They issued a "revised statement"
"While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent."
Idiots, probably just trying to promote their own "security" software/services later as "Android specialists". Now just idiots.
Looks like pure FUD operating. Maybe Lookout got a big cheque from someone....and the story certainly got a lot of play without anyone apparently checking the facts.
Yet another example of conventional journalism (WSJ, etc..) being made to look silly by bloggers and subject specialists.
____________________________________________________ I'm on a high fibre diet.
To be clear the app did not ask for or have the ability to read SMS messages or browser history, that was a mistake in the original report by Venturebeat. Examples of the app permissions that would be asked for to allow that are here. An update with more technical details from Lookout is here.
Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:
Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly
to your computer or smartphone by using a feed reader.
Trusted
Administrator
Geekzone
