Slashdot Mirror


Android Data Stealing App Downloaded By Millions

wisebabo writes "A wallpaper utility (that presents purloined copyrighted material) 'quietly collects personal information such as SIM card numbers, text messages, subscriber identification, and voicemail passwords. The data is then sent to www.imnet.us, a site that hails from Shenzhen, China.'"

3 of 335 comments

  1. Re:I'm confused... by arth1 · · Score: 3, Interesting

    Wallpapers aren't just static images.

    The wallpaper I have here changes colour depending on the time of day.
    You can even show a view adjusted for the weather where you are.

  2. Re:I'm confused... by disambiguated · · Score: 3, Interesting

    Yes, that is exactly how it works. You specify which permissions your app needs in the XML manifest. These permissions are displayed to the user. If your app attempts to use an API which requires permissions not specified in the manifest, the app gets a security exception. It doesn't rely on the developer being honest.

  3. There is a lot of FUD in these stories by gotpoetry · · Score: 3, Interesting

    These wallpaper apps cannot access your contacts' phone numbers, SMS messages or personal information.

    Check out the manifest permissions on the apps in question. It is the last item that is the problem.

    Storage: modify/delete

    Your location: coarse (network-based) location

    Network communication: full Internet access

    Phone calls: read phone state and identity

    The permission only allows the app to read the IMEI number of your phone (your hardware's unique identifying number), your phone number, and your currently programmed voice-mail number. If you hard coded your voice-mail password as part of your voice-mail number, then they have that too.

    They shouldn't be stealing this info, and Google should separate "read phone state" from "read identity", but the stories on this app stating that your SMSes, contacts and grandmother's girdle are being stolen and sent to China are just plain wrong.
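
The manifest check described in comments 2 and 3, as an added example that is not part of the original thread or the app's own code: it reads the `<uses-permission>` entries from a decoded `AndroidManifest.xml` and reports which data the app could read and send. Assumptions: the manifest is constructed, the package name is a placeholder, the permission constants are the assumed equivalents of the four labels listed in comment 3, and the exposure table follows that comment's description.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Constructed manifest: placeholder package name; the permission constants are
# assumed equivalents of the four user-facing labels quoted in comment 3.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

# Data each permission makes readable. The READ_PHONE_STATE entries follow
# comment 3; READ_SMS and READ_CONTACTS are the permissions the news stories
# would have required.
EXPOSES = {
    "READ_PHONE_STATE": {"IMEI", "phone number", "voicemail number"},
    "ACCESS_COARSE_LOCATION": {"coarse location"},
    "READ_SMS": {"SMS messages"},
    "READ_CONTACTS": {"contacts"},
}

def requested_permissions(manifest_xml):
    """Return the short names of every <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(NAME_ATTR, "").rsplit(".", 1)[-1]
             for el in root.iter("uses-permission")}
    return names - {""}

def audit(manifest_xml):
    """Summarise what the declared permissions let the app read and send."""
    perms = requested_permissions(manifest_xml)
    readable = set().union(*(EXPOSES.get(p, set()) for p in perms))
    # Without INTERNET the app cannot open network sockets itself.
    can_send = "INTERNET" in perms
    return {
        "readable": readable,
        "can_send_directly": readable if can_send else set(),
        "not_requested": {p for p in EXPOSES if p not in perms},
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST).items():
        print(key, sorted(value))
```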