September 3, 2014

App Genome Project Uncovers Wallpaper App That Steals Your Data

The team behind mobile security firm Lookout have been looking at hundreds of thousands of Android and iPhone apps as part of their new App Genome project.  This new initiative was created explicitly to keep mobile users safe from malicious apps.  Have they found anything worthwhile to report?  You betcha. Try this one on:  There is an “app” called Wallpaper,  All Categories that steals your data and reports to a server in China.

Looking at the listing in the Android Market, one can see that between 50,000 and 250,000 people have downloaded this app.  However, VentureBeat is reporting that the number ranges from 1.1 million to 4.6 million downloads.  Either way, that’s an awful lot of people out there inadvertently sharing sensitive material. What exactly is being reported to the server? According to Lookout, a user’s SIM card number, subscriber identification, text messages, and (potentially) voicemail passwords.

It’s not known whether the developers intentionally sought out this information or if it was simple oversight.  You may recall a recent incident with Citibank’s iPhone app which was storing customer account data on the handset.  In that case, the developer quickly plugged the hole and released an updated version of the app.  Still, it’s hard to imagine the wallpaper situation being accidental.  Lookout hesitates to brand it as malicious until the developers intent is known.

So what do you do as an Android user?  First, uninstall anything you have from jackeey, wallpaper.  At the time this article was drafted there were 72 titles in the Android Market.  After you remove the app(s), head to m.myLookout.com and grab a free copy of the mobile security app.

Maybe Google policing the Android Market isn’t so bad after all…

Source: CNET, VentureBeat