This is pretty horrific news! Apparently, a popular wallpaper app in the Android marketplace has been sending various bits of user data to servers in China. This data includes "SIM card numbers, text messages, browsing history, and voicemail passwords." It's been downloaded somewhere between 1 million and 4.6 million times (the marketplace apparently doesn't provide a reliable way to track downloads at the moment).
Anyway, more info here: www.pcmag.com/article2/0,2817,2367140,00.asp
EDIT: Update according to Engadget: "Texting and browser history are apparently not retrieved, but your phone number, phone ID, and voicemail fields are." So not as huge and horrific as initially reported, but still kind of annoying.
www.engadget.com/2010/07/29/lookouts-app-genome-pr...
Discussion about
Android wallpaper app, "My Little Pony" steals user info?
This brings up the whole debate about open vs. closed app ecosystems. If you want an open market, then you have to be more careful about what you install. Otherwise, a more restricted market like the Apple App Store may be a better option. I personally am an Android user, so I do my homework before downloading and installing an app.
I am honestly not surprised, I refuse to download apps with bad english, or chinese type publishing names, not to offend the actual good app developers from china or the eastern countries, but for every 1 good one there are 100 spammers/hackers.
yeah this brings to light the practices of the corporations managing the application marketplaces for their devices. apple has established that they will fully investigate all applications and their functionality, whereas google will just let things slide on through. either way, gaffs like this are pretty harmful to the collective trust of a userbase, google should probably do something about this ASAP (if they haven't already).
Its already been pulled from the market as Google investigates, and in all honestly it was a security company that reported it, and even they said it was probably no threat and just data collection for the app.
I agree but what would be worse for PR, pull a potentially dangerous app from the market so they can investigate where it is malicious or not, or delete it from between 1-4 million users with no explanation other then it might have been malicious. My guess is that most of the people that downloaded the app probably don't read android or tech blogs and are better off not knowing until Google can figure out if it was malicious.
