Last night, VentureBeat reported on the findings from mobile security firm Lookout that a suspicious Android mobile wallpaper app, which has been downloaded in excess of one millions times, has been found to collect and ship personal data off to a "mysterious site in China." As a result, there's a mood growing within the blogosphere of Apple fans that this sort of thing would be far less common in the Apple-family of iDevices and suggests further that the recent concerns about iPhone and iPad security glitches were vastly overblown.
Not so fast.
As highlighted by Lookout Chief Executive Officer John Hering and Chief Technology Officer Kevin MaHaffey, no smartphone, mobile platform or operating system is immune to the growing security threats in the world of smartphones. "That means that apps that seem good but are really stealing your personal information are a big risk at a time when mobile apps are exploding on smartphones," said Hering at the Black Hat security conference in Las Vegas on Wednesday. “Even good apps can be modified to turn bad after a lot of people download it,” MaHaffey added. “Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it.”
The app that caused all the trouble originated from "Jackeey Wallpaper," which was uploaded to the Android market for the ostensible purpose of enabling users to pretty-up their phones running the Google Android operating system. And it's not some cheesy app either. According to the VentureBeat report, the app delivered branded wallpapers from the likes of "My Little Pony" and "Star Wars." But the Lookout report found that this particular app "collects a user’s browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site that... is evidently owned by someone in Shenzhen, China."
While even the staunchest Apple fans and critics should not wish for these security threats to manifest on any mobile platform, there is a sigh of relief (perhaps naively so) in the Apple community as a result of these findings, which hold that nearly half of all the Android apps analyzed used third party code, while less than one quarter of the studied iPhone apps did the same.
Hering said in a press conference afterward that he believes both Google and Apple are on top of policing their app stores, particularly when there are known malware problems with apps. But it’s unclear what happens when apps behave as the wallpaper apps do, where it’s not clear why they are doing what they are doing.