Recently there has been major news hitting the blogsphere in regards to a wallpaper app that has been allegedly sending users personal information to a server in China to collect this data. Now normally this news is urgent and should be spread around in mass to make sure that users can protect themselves and Android, and given that recently an app developer threatened to “flood the Andorid Market with spam” this new news hit hard and fast to many.
And now we’ve recently found out that in fact these statements about the wallpaper app created by “jackeey, wallpaper” and “IceskYsl@1sters!” (owned by the same developer) are in fact false. But the scary part is that the big head haunchos of such news did not double check, and check again, before spreading out the alleged news out there. These folks I’m referring to are VentureBeat, The Wall Street Journal, CNET, Yahoo! News, Fast Company, Fortune, PC World, Computer World, AppleInsider, and many others as well that all boarded the high and mighty position and point the finger to this developer. No one set time aside to ask the developer of the app if this information that was coming in was true or false especially after they came from Lookout who gathered this alleged information in their App Genome Project.
Initial Statement Lookout gave to VentureBeat (via AndroidTAPP)
Update: VentureBeat stated Lookout said the app does the revised statement:
Update: Lookout notes it does not capture browsing history and text messages. It collects your browsing history, text messages, your phone number, subscriber identification, and even your voicemail password, as long as it is programmed automatically into your phone. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data. The search through the data showed that Jackeey Wallpaper and another developer known as iceskysl@1sters! (which could possibly be the same developer, as they use similar code) were collecting personal data. The wallpaper app asks for permission to access your “phone calls,” but that isn’t necessarily a clear warning. While suspicious, Lookout says there isn’t evidence of malicious behavior.
Response from the Accused Developer
Interview with Developer by AndroidTAPP
Hi, I noticed in venturebeat.com that the CEO of Lookout said that I have collected user’s data in my wallpaper apps.The data includes browsing history, text messages, phone’s SIM card number, subscriber identification, and even your voicemail password.â€¨(http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/)
I do not collect user data likes what the CEO of Lookout Said in venturebeat.com He said that I have collected the text message, it is bullshit. We know that if a developer wants to collect text message, he must declare some android permissions (android.permission.READ_SMS, android.permission.RECEIVE_SMS, or android.permission.RECEIVE_MMS) firstly. And these permissions will be shown on the Android market security page and Application settings. We can see the following screen shortcut from android market, that I do not declare the permission in my applications (The right one). So my applications can’t collect user message absolutely.
In the news, it said I collected the browsing history in my applications, it makes no sense.â€¨You can see the screen shortcut below. The “Browser” applications declare the permissions to read/write browsing history and bookmark. But in all my applications, I do not declare that permissions to collect these user’s data.
Other wallpaper application collected more data. Please look out the most popular wallpaper apps i.e. “Background”. That application required 8 permissions. My applications just required 5 permissions to make the app run well, and all of these permissions have been contained by “Background”. In my applications I collected some device data, not user data. I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even “Background” can’t well suited the phone’s screen.â€¨I also collected device id,phone number and subscriber id, it has no relationship with user data. There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone.
I am just an Android developer, I love wallpapers and I use different wallpaper every day. All I want is to make the greatest Android apps.
I am wondering why the the ceo of Lookout or the Author of venturebeat.com attacks me and make irresponsible points.
Retroactive Summary Statement from Lookout About the Malicious Apps
While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent.
Eirka Shaffer PR for Lookout with AndroidTAPP
Lookout didn’t retract anything. When we saw the misinformation being spread we posted as soon as we could a complete post on what we had found about these apps. That they were transmitting the phone number, subscriber ID and voicemail phone number to a server owned by the developer. We said that in the presentation on Wednesday.
Bottom line is that when you go around with authority, you are not only given the benefit of the doubt but it is also understood that you would not be spreading any libel against anyone due to all sorts of consequences and damages. We here at Android Headlines have reported on the allegations that were going around and also did not talk to the developer and cannot make any conclusions aside from the information that has come in in which we report on. Just as Lookout Mobile Security has made their reassessment, we have brought you the latest news regarding this issue and know that we ourselves have never used our authority to hurt anyone without heavily warranted and investigated information. Never report or believe anything that hasn’t been double checked twice guys… especially in the kind of world we live in in which anyone will do anything to make themselves look better, even if it means bringing someone down.