Android app developer denies stealing user info

Android app developer denies stealing user info
Earlier this week a company called Lookout showed how several Android wallpaper apps were accessing user information, including phone number, subscriber identification, voicemail password, browsing history, text messages & the phone’s SIM card number.

The claims were made during a presentation at this week's Black Hat security conference in Las Vegas.



In a number of interviews since then the developer, Jackeey Wu, has released a statement denying most of these claims and Lookout has since agreed that only the phone number, subscriber identification & voicemail password (when stored on the phone) were accessed and sent to Wu's server in China.

Wu stated, "I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even “Background” can’t well suited the phone’s screen. I also collected device id,phone number and subscriber id, it has no relationship with user data. There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone."

He also included a screenshot from installing one of the apps, showing the permissions used. You can read the entire statement below.

Lookout's clarification on their website says, "While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent."

Regardless of the developer's intentions, the real lesson here is the importance of paying attention to what permissions an app has before installing it. If you don't think it should need a particular permission you should contact the developer before installing or just avoid it entirely.

Jackeey Response

Written by: Rich Fiscus @ 30 Jul 2010 17:14
Advertisement - News comments available below the ad
  • 13 comments
  • DXR88

    just another reason i will continue to manually obtain any Enhancements, to avoid information Gathering of such nature.

    there's always a catch to the ease of use.

    Powered By

    30.7.2010 17:57 #1

  • biglo30

    What does he need there number for anyway. Liar

    31.7.2010 00:45 #2

  • KillerBug

    One of the nice things about android apps it that before installation, there is a screen that tells you all the permissions that the app requires. If it asks for something that it should not need, I don't install...there are about a dozen different versions of ever app anyway, so I can usually find something that asks only for what it needs.

    31.7.2010 02:17 #3

  • beanos66

    Originally posted by biglo30: What does he need there number for anyway. Liar
    for one! million dollars MWA HA HA HA

    31.7.2010 02:45 #4

  • lissenup2

    Originally posted by biglo30: What does he need there number for anyway. Liar
    I agree. He's a lying P.O.S. and a jagoff to boot.

    31.7.2010 17:31 #5

  • shaffaaf

    how did google let this in?




    My MGR (Micro Gaming Rig)
    Intel Q6600 @ 3.4GHz .|. DFI Jr P45-T2RS Micro ATX .|. 4GB (2x2GB) PC2-8500 Geil Black Dragon RAM .|. Samsung F3 1TB HDD .|. Pinoeer DVR-216DBK ODD .|. Corsair H50-1 Watercooler .|. Sapphire 4870 512MB x2 in CrossfireX .|. Silverstone Sugo Micro ATX SG03-B .|. NorthQ Black Magic 850W PSU .|. 24" 1920x1200 DGM MVA Monitor .|. 24" 1920x1080 Dell TN Monitor .|.

    1.8.2010 10:50 #6

  • biglo30

    Originally posted by KillerBug: One of the nice things about android apps it that before installation, there is a screen that tells you all the permissions that the app requires. If it asks for something that it should not need, I don't install...there are about a dozen different versions of ever app anyway, so I can usually find something that asks only for what it needs. Yeah thats true I always look at that stuff when installing an app.

    1.8.2010 13:09 #7

  • DXR88

    Originally posted by biglo30: Originally posted by KillerBug: One of the nice things about android apps it that before installation, there is a screen that tells you all the permissions that the app requires. If it asks for something that it should not need, I don't install...there are about a dozen different versions of ever app anyway, so I can usually find something that asks only for what it needs. Yeah thats true I always look at that stuff when installing an app. you don't have a choice.

    Powered By

    1.8.2010 15:58 #8

  • KillerBug

    Originally posted by DXR88: you don't have a choice. You can refuse to install.

    1.8.2010 23:10 #9

  • DXR88

    Originally posted by KillerBug: Originally posted by DXR88: you don't have a choice. You can refuse to install. but in reference to the quote. the first thing you always see is the EULA, which i don't read. hell for all i know i owe some corporation a kidney and eye, my left testicle and an index finger.

    Powered By

    2.8.2010 01:39 #10

  • blueboy09

    Man I about LOLed on this story. This man is doing what Steve Jobs does: deny everything and anything. This man is going to have to learn the hard way I'm afraid.

    Life is about walking on thin ice, if you make too much drama, youll crack under pressure. - BLUEBOY

    2.8.2010 19:11 #11

  • ispy

    Originally posted by blueboy09: Man I about LOLed on this story. This man is doing what Steve Jobs does: deny everything and anything. This man is going to have to learn the hard way I'm afraid. He could apply for a job with Apple !

    3.8.2010 03:18 #12

  • CharlesLiu

    Originally posted by biglo30: What does he need there number for anyway. Liar
    You are ignorant, that's all I can say.

    For the customized wallpaper to work the apps has to be able to identify the user, and device id alone is insufficient. Minimum phone # and IMEI is needed.

    BTW, the article has an error - voice mail phone # is saved, not the password.

    3.8.2010 19:11 #13

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud