Discussion in 'Android Lounge' started by DarkNeo, Jul 29, 2010.
Over 1m Android Users' Details Were Compromised Thanks to a Suspicious App
CRAPPP!!!! I had 3 of them. The publisher was callmejack, though, not Jackeey Wallpaper as referenced in the article.
I am actually concerned with the data some of these apps need/want in order to be used. I am sure 99.9999% of them are completely harmless. And I know the alternative is to not use them. I wish Google would explain what exactly is being shared when I click ok. I know its listed there when you install. But like phone call info. Is that so app knows a phone call is coming in, or for advertising, or so that so the app can collect data for Tele marketing.... maybe they do explain it. New to Android and apps since Mid May.
Funny thing is that when I downloaded it to 3 of my 4 smartphones, it was published by Jackeey, and just lately, within the last few days, it has changed to callmejack. I uninstalled it today when I read about it, but then there was an update to that article saying that it was not as malicious as was first thought, but still bad news. It seems it does not access your texts as first reported, just your voicemails and phone number, and I can't remember for sure, but I think your sim card number as well.
Oh, now let's see how people cry about how "draconian" the itunes store is.
The scary thought is how many apps are floating around that are stealing data like this one was (or doing worse) and have yet to be discovered. There's probably dozens of them, hundreds even.
Wanted: an application that will log everything that gets sent (or received) over the data connection (IP addresses), and what's being sent, and, what app is doing it.
That would be nice, wouldn't it.
Or maybe people should read the user permissions before blindly installing an app.
Researchers: Android Wallpaper App Shows “No Evidence Of Malicious Behavior”
Doesn't look as bad as it sounds.
Apple's app approval process doesn't help prevent against security flaws:
Security flaw found in Citi Mobile iPhone app Boy Genius Report
Or apps performing functions it was never approved to do:
Flashlight app secretly lets you enable iPhone tethering | Utilities | iPhone Central | Macworld
So the App approval process isn't effective at all if it can't catch security flaws or apps running hidden functions.
Thankfully, I didn't download them, I am wary of "wallpaper" apps, anyway, any sort of "app" that is just content I can get on the web, anyway.
Wouldn't the info in question fall under the "read phone state and identity" permission? I thought that was the one needed for an app to respond correctly if the phone rang. If so, it seems like a case of a permission being too broad, rather than people not reading it.
anyone have an actual list of the affected wallpapers?
I ask yet again - nobody has yet answered this question: why the hell do you want to use an app for wallpapers? Wallpapers have no need of apps, you just get any picture you like on your phone, set it as wallpaper - done.
No idea - I don't use apps for wallpapers, I don't do it on my PC, either. I guess people are brainwashed into thinking that to do anything with their phone, you need an app for it - thanks, Apple
Lol, Id take 100 callmejacks on android market and still prefer it too the iNazi Store
People need to read articles properly.
The original article says NOTHING about the app being malicious. This is a non-story in my eyes.
Did you even read the article? Who exactly was "stealing" data?
The answer is no one.
I use an app for wallpapers. I don't like using pictures because they are all covered by the icons and widgets anyway. I like abstract or cute wallpapers and I don't want to sit here DL'ing them from my computer or going through myxer, so I have the app called 'backgrounds'
And it would also require a data connection. Besides, why the hell would a wallpaper app need that permission anyways eh? Like I said, common sense.
"The data infringement was revealed at the Black Hat security expo in Las Vegas yesterday, where listeners were told of how the personal details of between 1.1m - 4.6m who downloaded the app were sent to the Chinese developer's website Home - Jokes Paltform,funny lift for your. "
this says to me that they were taking information from the phones and sent them to their website.
i see no reason for a wallpaper app to need to send data to a website.
"UPDATE: Phandroid heard from Lookout, who clarified a few points
Yes I read the article, and it should be concerning what the app has been discovered to do, because odds are that there are many many other similar apps yet to be discovered that DO literally steal your information.
Thieves are out there, and the nature of those apps allows them to find creative ways to "get" a potential victims info.
I suspect it will only be a matter of time before more apps like that are discovered, and they will not be as benign as this one turned out to be, thats all.
Sent from my IPhone 4.
If we follow that line of reasoning, then we must also accept that there are similarly malicious undiscovered apps compromising iPhones since it has been demonstrated that the app store is not foolproof.