Many news outlets, including ReadWriteWeb reported yesterday that the first piece of Android malware may have been discovered in the wild. It now appears that we were mistaken. In an interview with Android Tapp Jackeey Wu, the developer of the wallpaper app in question, denied malicious intent. He said he was gathering device information to take advantage of favoriting features in Android.
In my applications I collected some device data, not user data. I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even "Background" can't well suited the phone's screen.
I also collected device id,phone number and subscriber id, it has no relationship with user data. There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone.
In a follow-up on its blog, Lookout, the security company that originally reported that the wallpaper apps were transmitting data, notes that the app did disclose that it was accessing phone data. However, not every app that accesses data actually transmits it off the device, and Wu's apps did not disclose that phone information would be collected (enterprises most certainly are not going to want employees voice mail passwords transmitted to third parties, regardless of that third party's intentions). Whether Wu himself knew he'd be collecting passwords along with users' phone numbers, we do not know. We have not been able to find a way to contact Wu.
We will update with additional information as it becomes available.