The revelation that an application for Android that is being sold on Google’s Android Market is sending out information regarding your phone (SIM card number, subscriber identification, voicemail password) shouldn’t come as a surprise to anyone – it is patently obvious that with the huge amounts of applications sold for Apple and Android devices, some malicious applications can slip through the cracks and end up on the market.
Daily Tech reports that John Hering and Kevin MaHaffey, chief executive and chief technology officer, respectively, of mobile security company Lookout, have revealed at Black Hat that the wallpaper application in question was developed by Jackeey Wallpaper and that it was sending the previously mentioned data to a server in China.
Maybe it’s because of the destination of the information – or maybe it’s because the application is thought to have been downloaded by a million users altogether? – that this news resounded so across the Web? In any case, it is still unknown if any of the data (especially the voicemail passwords) has been used for a malicious purpose. And I agree that the whole thing is a bit scary, because if this application was for sale, who knows what other things are lurking on the app market?
Lookout has analyzed over 100,000 Android and Apple applications and has come to the conclusion that some 47 percent of the former and 23 percent of the latter collect some sort of user information.
But, the biggest problem that I can see here is not that some applications that should not manage to pass muster do, but the fact that applications sold on the Android’s App Market don’t need to have permission from the user to download further executable code, which makes it possible for a fairly benign application to be turned into a malicious one without raising suspicions with the user.