The Android wallpaper that supposedly stole personal information has returned to the market and are said to be safe after all. It looks like the wallpaper application wasn’t necessarily malicious, but it asked for more information from the device than it needed to properly work.
Lookout has recently come out with a clarification of what they’d initially said,
During our research, we found series of wallpaper applications in the Android Market are gathering seemingly unnecessary data. The wallpaper applications that we analyzed transmitted several pieces of sensitive data to a server over an unencrypted network connection. The data included the device’s phone number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone. While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior. There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent.
As it turns out, Lookout had never said that the wallpaper ever stole your texts messages or browsing history. The developer simply requested more data than needed. While that’s indeed concerning, it doesn’t mean the app is malicious per se. The application sent unnecessary information to an unencrypted website, and if that site was hacked, only then would people need to start worrying. Google looked into the application, and deemed it as not malicious, but did give the developer some suggestions so that this would not happen again.
John Hering, chief executive of mobile security firm Lookout, said about the situation,
We see this as an opportunity to educate developers on how not to make this mistake and to ensure that they keep their user’s information safe…
Even if the developer had no intentions of using the personal data collected, it’s still just a bit disturbing to know that some of your information is floating around in some website just because of a lame Star Wars wallpaper. To truly be safe, check out the permissions an application needs before you download it, that’s why they are displayed to you before you hit that install button. If a wallpaper needs full internet access or access to your phone calls, maybe you want to think twice about downloading it.
[Via: MobileBeat, LookoutBlog]