Android app developer denies stealing user info

Earlier this week a company called Lookout showed how several Android wallpaper apps were accessing user information, including phone number, subscriber identification, voicemail password, browsing history, text messages & the phone�s SIM card number.

The claims were made during a presentation at this week's Black Hat security conference in Las Vegas.

In a number of interviews since then the developer, Jackeey Wu, has released a statement denying most of these claims and Lookout has since agreed that only the phone number, subscriber identification & voicemail password (when stored on the phone) were accessed and sent to Wu's server in China.

Wu stated, "I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even �Background� can�t well suited the phone�s screen. I also collected device id,phone number and subscriber id, it has no relationship with user data. There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone."

He also included a screenshot from installing one of the apps, showing the permissions used. You can read the entire statement below.

Lookout's clarification on their website says, "While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent."

Regardless of the developer's intentions, the real lesson here is the importance of paying attention to what permissions an app has before installing it. If you don't think it should need a particular permission you should contact the developer before installing or just avoid it entirely.

Jackeey Response

Written by: Rich Fiscus @ 30 Jul 2010 17:14

Advertisement - News comments available below the ad

13 comments

DXR88

just another reason i will continue to manually obtain any Enhancements, to avoid information Gathering of such nature.

there's always a catch to the ease of use.

30.7.2010 17:57 #1

biglo30

What does he need there number for anyway. Liar

31.7.2010 00:45 #2

KillerBug

One of the nice things about android apps it that before installation, there is a screen that tells you all the permissions that the app requires. If it asks for something that it should not need, I don't install...there are about a dozen different versions of ever app anyway, so I can usually find something that asks only for what it needs.

31.7.2010 02:17 #3

beanos66

Originally posted by biglo30: What does he need there number for anyway. Liar
for one! million dollars MWA HA HA HA

31.7.2010 02:45 #4

lissenup2

Originally posted by biglo30: What does he need there number for anyway. Liar
I agree. He's a lying P.O.S. and a jagoff to boot.

31.7.2010 17:31 #5

shaffaaf

how did google let this in?

1.8.2010 10:50 #6

biglo30

Originally posted by KillerBug: One of the nice things about android apps it that before installation, there is a screen that tells you all the permissions that the app requires. If it asks for something that it should not need, I don't install...there are about a dozen different versions of ever app anyway, so I can usually find something that asks only for what it needs. Yeah thats true I always look at that stuff when installing an app.

1.8.2010 13:09 #7

DXR88

Originally posted by biglo30: Originally posted by KillerBug: One of the nice things about android apps it that before installation, there is a screen that tells you all the permissions that the app requires. If it asks for something that it should not need, I don't install...there are about a dozen different versions of ever app anyway, so I can usually find something that asks only for what it needs. Yeah thats true I always look at that stuff when installing an app. you don't have a choice.

1.8.2010 15:58 #8

KillerBug

Originally posted by DXR88: you don't have a choice. You can refuse to install.

1.8.2010 23:10 #9

DXR88

Originally posted by KillerBug: Originally posted by DXR88: you don't have a choice. You can refuse to install. but in reference to the quote. the first thing you always see is the EULA, which i don't read. hell for all i know i owe some corporation a kidney and eye, my left testicle and an index finger.

2.8.2010 01:39 #10

blueboy09

Man I about LOLed on this story. This man is doing what Steve Jobs does: deny everything and anything. This man is going to have to learn the hard way I'm afraid.

Life is about walking on thin ice, if you make too much drama, youll crack under pressure. - BLUEBOY

2.8.2010 19:11 #11

ispy

Originally posted by blueboy09: Man I about LOLed on this story. This man is doing what Steve Jobs does: deny everything and anything. This man is going to have to learn the hard way I'm afraid. He could apply for a job with Apple !

3.8.2010 03:18 #12

CharlesLiu

Originally posted by biglo30: What does he need there number for anyway. Liar
You are ignorant, that's all I can say.

For the customized wallpaper to work the apps has to be able to identify the user, and device id alone is insufficient. Minimum phone # and IMEI is needed.

BTW, the article has an error - voice mail phone # is saved, not the password.

3.8.2010 19:11 #13

AfterDawn: News