Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Wallpapers stealing personal data

Options
  • 29-07-2010 5:07am
    #1
    M5
    Registered Users Posts: 10,161 ✭✭✭✭


    From android central:
    Before we start, grab your phone and your computer and hit this link : AppBrain -- Android apps by jakeey, wallpaper wallpaper. If you have any of these applications on your Android phone, uninstall them.

    We'll wait.

    Now you ask why did we recommend (nay, demand!) you uninstall any of those apps? Lookout says that one or more of these apps are stealing your data and sending it to an unknown person or persons in China. Yup, innocent looking wallpaper apps. According to Lookout, the app(s) in question are collecting:

    * browsing history
    * text messages
    * your SIM card data
    * subscriber ID
    * voicemail password

    Look for Google to pull these soon, as they potentially affect at least 1.1 million users, but for now remember to read what an app can do when you install it. That's that screen you ignore every time you install an app. The one that tells you what system permissions the app has access to. If, say, a calculator wants to see your contacts list, think twice.

    It's worth reminding that Android is the only OS that gives you these sort of warnings. And before any Apple fanatics get too cocky, at least these apps aren't stealing money from your Google checkout account. We're keeping a close eye on this one, you'll hear more as it unfolds.


Comments

  • Options
    #2
    h57xiucj2z946q
    Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Phandroid.com:
    [Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device’s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail’s password is also not transmitted unless you included the password in your phone’s voicemail number field.

    We’re not yet certain on what the developer’s intentions are for using the pieces of data it does send to China – so we can’t outright call it malicious – but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone’s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data.


  • Options
    #3
    conor.hogan.2
    Registered Users Posts: 5,246 ✭✭✭conor.hogan.2


    On lifehacker or Gizmodo I seen in the comments I think this comment and it summed it up nicely.

    '' These are the people Apple protect from themselves''

    As the Apps stated what they had access to and people willingly installed them.


  • Options
    #4
    wayne040576
    Registered Users Posts: 1,493 ✭✭✭wayne040576


    Thing is, does everybody read the entire section on what an app will have access to including the "more" part?

    And if version 1 of an app is ok can we be sure that the update to version 1.1 won't install anything malicious?


  • Options
    #5
    28064212
    Registered Users Posts: 10,498 ✭✭✭✭28064212


    wayne040576 wrote: »
    Thing is, does everybody read the entire section on what an app will have access to including the "more" part?
    Depends on the app. It's generally not hugely difficult to tell the difference between spam/malicious software and valid ones at a glance. If I'm unsure, I'll look at the permissions.
    wayne040576 wrote: »
    And if version 1 of an app is ok can we be sure that the update to version 1.1 won't install anything malicious?
    You're shown the permissions screen again every time you update. Although I don't know how that works on 2.2 (isn't there an update all button?). Personally I'd prefer if they only showed you the permissions screen if they actually change from the old version to the new one

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Options
    #6
    Ample Free ...?
    Registered Users Posts: 398 ✭✭Ample Free ...?


    In 2.2 updates can be set to download automatically providing the permissions don't change. If they do change a so-called 'manual update' is required, i.e. you'll have to look at and verify permissions again as you would do in 2.1. So nothing major can be changed without the users consent. It all depends on how careful/careless you are!


  • Advertisement
  • Options
    #7
    asafavour
    Registered Users Posts: 9 asafavour


    http://www.androidtapp.com/android-wallpaper-apps-falsely-accused-of-spyware-and-stealing-sensitive-user-data-fud/

    Seems some (a lot) of the sites which picked up this story were a bit hasty


  • Options
    #8
    conor.hogan.2
    Registered Users Posts: 5,246 ✭✭✭conor.hogan.2


    ''Android Wallpaper App Developer Defends Data Collection ★''

    '' Jackeey Wu, developer of the controversial Android wallpaper app that collects user data, defends himself in a message to Android Tapp:

    In my applications I collected some device data, not user data. I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even “Background” can’t well suited the phone’s screen. I also collected device id, phone number and subscriber id, it has no relationship with user data.''

    But why collect phone numbers?''

    From Daring Fireball.

    So yes and no with the hastiness.


Advertisement