Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Black Hat 2010: Android software stealing data from smartphone owners

As reported previously by Infosecurity, because Android is effectively an open source software marketplace, Google does no impose anything like the heavy-duty vetting of smartphone apps that Apple does.

At the Black Hat security conference in Las Vegas this week, John Hering and Kevin MaHaffey of security research firm Lookout, told attendees they had come across an Android wallpaper app that secretly transmitted users phone numbers, subscriber identifiers, and voicemail numbers to a server in Shenzen, China.

The Lookout researchers said that more than a million Android users are thought to have downloaded the app from the Android market, which acts as a resource for Android users to download free and pay-for apps for their smartphone.

In a blog posting about the firm's discoveries, Lookout said that, while this sort of data collection from a wallpaper application is certainly suspicious, there's no evidence of malicious behaviour.

"There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent", the firm said.

According to Graham Cluley, a senior technology consultant with Sophos, one of the challenges that owners of smartphones running the Android operating system face is that it is not as closely monitored as Apple's equivalent.

"Although there's much criticism that Apple has received for the way it controls the iPhone environment, it's clear that the only malware attacks we've seen to date on that platform have affected users who have chosen to jailbreak their iPhones and escape the relative safety of the AppStore", he said in a security blog posting.

What’s Hot on Infosecurity Magazine?