It appears the Android wallpaper apps what were accused of being malware after a session at the Black Hat 2010 security conference this week may not have been malware, but simply overzealous in their data gathering, according to the security firm that first highlighted them. Security firm Lookout clarified its findings in a blog post on Friday.
The set of apps by wallpaper apps by developers “jackeey,wallpaper” and “IceskYsl@1sters!” (which are really one and the same) indeed exhibited suspicious behavior, according to Lookout. However, no malicious behavior has been identified, Lookout said.
Instead, it appears that news sites may have jumped the gun on the apps. They were sending the data to the site www.imnet.us. That site is apparently owned by someone in Shenzhen, China, and given the connection between China and hacking obviously raised red flags.
Still, it's interesting to note exactly what is being sent to that site.
The data included the device’s phone number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone (see below for technical details). While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior. There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent.
Indeed, one has to wonder why that sort of information would need to be sent to a server. Lookout says that it is working with Google to investigate the apps further; in the meantime they have been pulled from the Android Market.
The results presented by Lookout came as a result of what the company called the "App Genome Project," an analysis of 300,000 apps in the Android Market and the App Store. Although, as noted, the data sent by the app appears strange, Lookout said the following prior to the conference, a sort of "benefit of the doubt":
"There's no indication that anything malicious has happened. The wallpaper apps immediately stood out, though, because they were sending the IMSI and phone number. But sometimes developers aren't aware of what's going on with third-party code that they've added to their apps from advertising or analytics SDKs."
Comments
This story was overblown from the get go, all because the FUD our media snaps to with all things China.
Honestly, are all servers in China nefarious or evil? If not then why should it matter when device info gathered with user permission for personalization feature is sent to server in China?
I would be very unhappy to know that the VM number, IMEI and my mobile 'phone number was sent to a server. If it were my own laptop and a piece of software I had run, that had had the MAC address and internal LAN detail sent to a server, then I would be equally unhappy.. The fact that it went to any server anywhere is the point. Not that it went to China, Russia, Sweden or the USA.
Since when doesn't China raise "red flag"? Basically what the media have us believe is ALL servers in China are inherently evil.
Got something to say?
Examiner.com is looking for writers, photographers, and videographers to join the fastest growing group of local insiders. If you are interested in growing your online rep apply to be an Examiner today!