
Black Hat: Android wallpaper apps could be stealing data
Too many apps accessing personal information, experts warn

A team of mobile security researchers has found that popular wallpaper programs are capable of harvesting large amounts of personal data.
The researchers at Lookout found that several Android wallpaper applications can gather the number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone.
"While this sort of data collection from a wallpaper application is certainly suspicious, there's no evidence of malicious behaviour," said the company in a blog post.
"There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent."
The apps in question came from two developers: 'jackeey,wallpaper', whose developer name has changed to 'callmejack' since the research was released, and '[email protected]!'. The applications do send data back to a central server, but Lookout said that this is not necessarily suspicious.
Lookout has also provided more details about its App Genome Project, which will scan 300,000 pieces of software to build the biggest dataset on mobile applications.
The preliminary results show that 47 per cent of free Android apps contain third-party code, compared to 23 per cent on the iPhone. Some 29 per cent of Android applications and a third of Apple applications can access a user's location.
Nearly twice as many free applications have the capability to access contact data on the iPhone (14 per cent) compared to Android (eight per cent).
V3 Latest
BT plan to close down conventional fixed-line phone network by 2025 and go all-IP
BT wants to make the public switched telephone network history within eight years
Facebook Login hijacked by hidden web trackers, claim security researchers
Personal data being purloined by third parties via Facebook Login API
Apple: we've no plans to merger iOS and MacOS
MacOS and iOS are better off apart, says CEO Tim Cook
Oracle: Java SE 8 business users must buy a licence from January next year
Or they'll no longer be entitled to updates and bug patches