Home Android Spyware: Millions Downloaded Thievish Wallpaper App (Updated)

Android Spyware: Millions Downloaded Thievish Wallpaper App (Updated)

Update 2: Please see our follow-up – the developer of the app in question has denied malicious intent. Mobile security firm Lookout announced today at the Black Hat security conference that millions of Android users had downloaded a wallpaper app that sends user information to a unknown site in China, reported VentureBeat. Concerns about app access to private information were raised last month, but this may be the first instance of Android malware in the wild. Android’s enterprise-readiness has been controversial in analyst circles. Update: Lookout contacted us with the following clarification:

The app does not actually steal users SIM card numbers or voicemail passwords. Instead, the app transmits the device’s phone number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone. This is an important distinction for Lookout, because they did not technically find that the app was doing anything malicious. It is certainly suspicious, but it is important to clear up that they did not actually steal info like voicemail passwords.

The app, Jackeey Wallpaper, transmits a users’ SIM card number, subscriber identification, and, if it’s been programmed into the phone, voicemail password to www.imnet.us, a web site owned by someone in Shenzhen, China. It had been reported that the app also collected browsing history and text messages, but Lookout has clarified that this is not correct.

The app asks permission to access users phone calls, but does not disclose that the information would be sent to a third-party. Lookout found the app as part of its App Genome Project, an ambitious project to track the behavior of 300,000 applications.

Lookout may also be announcing other Android security risks at the conference.

Another mobile security company, Smobile Systems warned against this very scenario last month in a report titled Threat Analysis in the Android Market.

Analysts have been split over the enterprise-readiness of Android 2.2. Jack Gold, of J. Gold Associates, has argued that the lack of support for enterprises to manage what apps users install on their Android handsets should be one of many deal-breakers for Android adoption in the enterprise. This would seem to validate his claims.

Perhaps in response to the Smobile report, Google released a kill switch function to remotely delete malicious applications. The company hasn’t announced whether Jackeey Wallpaper has been scheduled for termination.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.