now you know why I don't mind apple's rigorous app approval process!


http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/

http://www.appleinsider.com/articles/10/07/29/millions_of_android_users_hit_by_malicious_data_th eft_app.html


An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store.

The exploit, tied to an app that appeared to simply load free custom background wallpapers, was downloaded "anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data," according to a report by Dean Takahashi of VentureBeat.

The app "collects a user’s browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site, www.imnet.us (http://www.imnet.us/). That site is evidently owned by someone in Shenzhen, China," the report noted. post from an android user on macrumors

I've just done a quik check of permissions reqested on one of the suspected wallpaper apps and something does seem fishy:
http://www.chazclout.co.uk/wp-content/uploads/2010/07/wallpaper1.png
Storage and Network communication permissions make sense (needs to write wallpaper to SD card and needs to download wallpapers) but the location and phonecalls one seems odd (unless the phonecalls was to quit the app once a call was initiated and the location was for analytics).

I thought I'd compare with two apps that genuinely have reason to access SMS/Contact info and the permissions requested are very different (Chomp SMS and Phonebook 2.0):
http://www.chazclout.co.uk/wp-content/uploads/2010/07/chomp1.pnghttp://www.chazclout.co.uk/wp-content/uploads/2010/07/phonebook1.png

On the jackey wallpaper app there was no mention of accessing phone numbers, SMS messages or personal information.

This puts me off too:
Quote:
<table width="100%" border="0" cellpadding="6" cellspacing="0"> <tbody><tr> <td class="alt2" style="border: 1px inset;"> The data theft was only discovered afterward, through forensics performed by mobile security firm named Lookout which sells virus and malware protection software for Android, Windows Mobile and BlackBerry devices. </td> </tr> </tbody></table>
They have something to sell and they have nasty stories of malware on Android.

All of it seems odd to me but one word of warning, always check the permissions requested before installing an app.

"The app in question came from Jackeey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system. It includes branded wallpapers from My Little Pony and Star Wars, to name just a couple."

Except it isn't a single app, the dev has many wallpaper apps on there:
http://www.chazclout.co.uk/wp-content/uploads/2010/07/snap20100729_075445.png

http://www.engadget.com/2010/07/29/lookouts-app-genome-project-warns-about-sketchy-apps-you-may-ha/

If you're an iPhone (http://www.engadget.com/tag/iphone) user, the only privacy notice you'll see from an app regards your current location -- as much a warning about the associated battery hit from the GPS pinging as anything. If you're an Android (http://www.engadget.com/tag/google,android) user, however, things are different, with a tap-through dialog showing you exactly what each app will access on your phone. But, do you read them? You should, with Lookout running a sort of survey across 300,000 apps on those two platforms, finding that many access personal information even though they seemingly don't need to. One particularly scary instance, an app called Jackeey Wallpaper on Android, aggregates your browsing history, voicemail password, text messages, and even your SIM ID and beams it all to a server in China. That this app has been downloaded millions of times is a little disconcerting, but it's not just Android users that have to fear, as even more iPhone than Android apps take a look through your contact infos. What to do? Well, be careful what you download to start, on Android read those privacy warnings... and we're sure Lookout wouldn't mind if you took this opportunity to download its security app.

Thanks for the heads up.

It says in the blit with the app "share wallpaper" and "manage download wallpaper" which may explain why it wants to access the phone information. Still sounds hinkey enough to completely avoid it.

Also noted two other developers who are probably the same person/group that have apps that want phone info.
"callmejack" even has the same Hello Kitty Wallpapers name and identical icon.
"jacklrb" has mobile pets that also want phone info.

Thats my one gripe about the android experience so far is the market....I love that its open and anyone can write anything they want, but it defiantly needs more screening...Maybe not apple level (LONG TIME) screening, but at least scanning every app through a virus/malware prosses...

The amount of spam in the reviews blows me away to...

Why not approach it like you do your PC? You don't download and install software onto your PC without checking it out a little bit do you? I don't. And I assume that some kind of security apps are available for android that alert you if an app is doing something fishy. My PC has that. Open source means protect yourself.

Why not approach it like you do your PC? You don't download and install software onto your PC without checking it out a little bit do you? I don't. And I assume that some kind of security apps are available for android that alert you if an app is doing something fishy. My PC has that. Open source means protect yourself.

Exactly. Look before you download. Has nothing to do with "rigrious" Apple approval process. lol

Exactly. Look before you download. Has nothing to do with "rigrious" Apple approval process. lol

Actually it does. The average person does not and does not want to research. They want it done for them. I assume you read all the fine print though! RIGHT!

I don't research that much on the pc either but I know it's safe before I load it. Apples to oranges any way. You can't compare an open phone os to even windows. Not even in the same ball park


Sent from my iPhone 4 using Tapatalk

Actually it does. The average person does not and does not want to research. They want it done for them. I assume you read all the fine print though! RIGHT!

I don't research that much on the pc either but I know it's safe before I load it. Apples to oranges any way. You can't compare an open phone os to even windows. Not even in the same ball park


Sent from my iPhone 4 using Tapatalk

Not sure im tracking with you...but anyway. Yes, me being an IT guy, I always check stuff before I load it. Whether it be on my phone or my Mac. That just comes from experience and IT security training. And no, this doesnt apply to Apple's "testing" because its a live wallpaper and not actually an app. And it was determined the application and data collected wasnt malicious...

http://www.androidcentral.com/android-privacy-concern-lookout-response

So take it for what its worth.

I've been in IT for 30 years, so yea I agree. my point was it's different with a pc. people, most of them, have virus scanning and email scanning running in the background, i don't, that check any apps before they are installed. there is nothing like that in place for android. apple at least checks everything before it hits the store. some thing still slip through from time to time, but they do a very good job of controlling the app store. That and any data collection is bad!

I've been in IT for 30 years, so yea I agree. my point was it's different with a pc. people, most of them, have virus scanning and email scanning running in the background, i don't, that check any apps before they are installed. there is nothing like that in place for android. apple at least checks everything before it hits the store. some thing still slip through from time to time, but they do a very good job of controlling the app store. That and any data collection is bad!

Yeah, they do a GREAT job controlling the app store. Apple would never let something with a hidden function make it onto the store
Oh wait....
http://www.engadget.com/2010/07/20/handy-light-for-iphones-dirty-little-secret-tethering-video/

Go find another bridge, troll.

I've been in IT for 30 years, so yea I agree. my point was it's different with a pc. people, most of them, have virus scanning and email scanning running in the background, i don't, that check any apps before they are installed. there is nothing like that in place for android. apple at least checks everything before it hits the store. some thing still slip through from time to time, but they do a very good job of controlling the app store. That and any data collection is bad!

you musta missed the bolded line! so whos the troll

there is nothing like that in place for android.
I wouldn't say there's nothing. A single Google turned up several security/antivirus/antimalware apps for android. I don't know how good they are. As for downloading and installing software on your phone without checking to see if the provider is a reputable source, if you do that, you deserve whatever you get.

you musta missed the bolded line! so whos the troll

Nothing was missed, including you contradicting yourself.

I wouldn't say there's nothing. A single Google turned up several security/antivirus/antimalware apps for android. I don't know how good they are. As for downloading and installing software on your phone without checking to see if the provider is a reputable source, if you do that, you deserve whatever you get.

was there an app checker app? if you download an app without reading the fine print and collects your personal data, a security/antivirus/antimalware app is not going to catch that.

as for a reputable source. that's the whole point. who do you know the developer of the app is a reputable source? The whole point of the company controlling what goes into the app store is so the user doesn't have to worry about it. they know the app is reputable or it doesn't make it into the app store.

being reputable is very different from the example tarzan idiot listed which was not malicious and simply had hidden features that where actually beneficial to the users

Wow, the Android fanboi's are out in force here.

why must someone be labeled a fanboi simply because they prefer one thing over another? I personally think ios and android both have merit. they both have strengthens and weaknesses. it simply comes down to which works best for you

why must someone be labeled a fanboi simply because they prefer one thing over another? I personally think ios and android both have merit. they both have strengthens and weaknesses. it simply comes down to which works best for you

It was a joke, because if this were an Apple thread it would have been said already.

Good thing I don't like Hello Kitty.

It was a joke,

That's a damn lie! I've seen your Iphone! You're one of them!! :lol:

:rofl:

I guess you would have been screwed when you downloaded your pink wallpapers Troy.

i make all my own but they aint pink

http://i287.photobucket.com/albums/ll152/troyboy30/iPhone%204/cf7ad070.jpg

http://i287.photobucket.com/albums/ll152/troyboy30/iPhone%204/34795484.jpg

That's a damn lie! I've seen your Iphone! You're one of them!! :lol:

Resistance is futile, prepare to be assimi.... I mean... what the hell are you rambling on about now?

was there an app checker app? if you download an app without reading the fine print and collects your personal data, a security/antivirus/antimalware app is not going to catch that.

as for a reputable source. that's the whole point. who do you know the developer of the app is a reputable source? The whole point of the company controlling what goes into the app store is so the user doesn't have to worry about it. they know the app is reputable or it doesn't make it into the app store.

being reputable is very different from the example tarzan idiot listed which was not malicious and simply had hidden features that where actually beneficial to the users

I have a variety of antivirus, anti malware, anti phishing etc etc software on my PC. It absolutely does inform me if an app is collecting information and/or trying to transmit it over the network. In fact, no app is allowed to connect to the internet without me OKing it. I would think something like that would be available for smartphones which are really PC's in your pocket. If not, I'd say that's a big hole. Whether it's Apple or Android or Windows Mobile or whatever, just because there's a phone built into it doesn't mean it doesn't need some security. If anything, it heightens the need.

For years now our phones have been becoming more like PCs while our PC's have been becoming more like phones. It's only a matter of time before they meet in the middle reducing the workload on hackers.

I have a variety of antivirus, anti malware, anti phishing etc etc software on my PC. It absolutely does inform me if an app is collecting information and/or trying to transmit it over the network. In fact, no app is allowed to connect to the internet without me OKing it. I would think something like that would be available for smartphones which are really PC's in your pocket. If not, I'd say that's a big hole. Whether it's Apple or Android or Windows Mobile or whatever, just because there's a phone built into it doesn't mean it doesn't need some security. If anything, it heightens the need.

Talking about phone not computer dude. Totally diff. Google for smart phone anti virus. Good luck


Sent from my iPhone 4 using Tapatalk

They're not totally different. Not anymore.

Phones have operating systems, web browsers, video players, word processing programs, music apps, video games. You sent that post from your cell. Go back 15 years and tell someone you can do that with a phone and they'll look at you like you're nuttier than squirrel 5hit and inform you that you can only do that with a computer.

Phones are no longer simple items. As soon as they started storing important information or even accessing important information they became potential targets for hackers.

They're not totally different. Not anymore.

Phones have operating systems, web browsers, video players, word processing programs, music apps, video games. You sent that post from your cell. Go back 15 years and tell someone you can do that with a phone and they'll look at you like you're nuttier than squirrel 5hit and inform you that you can only do that with a computer.

Phones are no longer simple items. As soon as they started storing important information or even accessing important information they became potential targets for hackers.


Yes the os is totally different. Not the features. Cell phones do not get targeted for viruses. Phones do not have virus/spyware software etc

Sent from my iPhone using Tapatalk

http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html
http://mashable.com/2009/07/30/iphoneocalypse/

There have been viruses for phones as early as 2004.
http://news.cnet.com/Cabir-mobile-virus-found-in-U.S./2100-7349_3-5582302.html

I have a variety of antivirus, anti malware, anti phishing etc etc software on my PC. It absolutely does inform me if an app is collecting information and/or trying to transmit it over the network. In fact, no app is allowed to connect to the internet without me OKing it. I would think something like that would be available for smartphones which are really PC's in your pocket. If not, I'd say that's a big hole. Whether it's Apple or Android or Windows Mobile or whatever, just because there's a phone built into it doesn't mean it doesn't need some security. If anything, it heightens the need.

If you do your research, EVERY user who go their stuff hacked by this app clicked "OK" to allow said app general access to the internet and usage statistics. There's a popup screen that everyone had to click OK to, to use the apps that are listed. People not reading the stuff they click ok to isn't anything new.

http://www.tomshardware.com/news/iphone-virus-botnet-bank-details,9136.html
http://mashable.com/2009/07/30/iphoneocalypse/

There have been viruses for phones as early as 2004.
http://news.cnet.com/Cabir-mobile-virus-found-in-U.S./2100-7349_3-5582302.html

the 1st one is due to an ssh password that has never been changed after jailbreaking. something maybe 10% of users do. so it requires a user to hack the phone to allow a user to hack the phone! doesn't cvount.

the second is bs

i see you posted no links for any virus software, malware software or spyware software for a phone though hu

Those were just the first few hits that came off google. Regardless if the first one needs a jailbreak, it's still a virus. The 3rd is also one and an old one.

And I didn't say that phones necessarily need anti virus, I said they are very complex and susceptible to viruses and agreed with Wally that they need a little caution instead of just assuming that no viruses exist.

that wasn't my point. the point is apple does it for you with the way they manage the apps store. adroids weakness is it's openness

It's also it's strength and that just reinforces the similarity to the PC world. Apple computers aren't subject to as many virus attacks as MS systems partly because of the relatively limited software selection. There are millions of apps out there for Windows and no way for MS or anybody else to verify that each one is safe. You have to have some independent specialty software that watches for dangerous activity and blocks it or asks you to specifically allow it. Is it out there? Well, McAfee is getting in the game so I'd say, yeah. http://nexus404.com/Blog/2010/08/01/mcafee-acquires-wavesecure-for-added-android-security-mcafee-adds-another-member-to-its-security-software-group-with-wavesecure/
Android is taking the same approach to mobile devices and they will require the same sort of end user attention to security. Just like with your PC, if you make it a habit to click OK every time some silly little app needs permission to do something, you're going to end up with a trashed system. The fact is they ARE computers, far more capable than even the best desktop PC's of just a few years ago. They just happen to have cell phones built in. It's convergence. It's here. But stay in your safe Apple world and don't worry about it.

Nerd fight, Nerd fight!!!!!!!

So you can be a total dumbass and Apple will do everything for you? I'll keep the Android. Haven't found any weakness yet.