Security firm MyLookout claims that developer Jackeey – the publisher of the app Wallpaper in the Android market – is sending your data to someone in China if you have their app installed. The collection of apps pose as harmless wallpaper galleries, but they do a lot more behind that black, shady curtain that you don’t see. Namely, your browsing history, text messages, SIM card data, subscriber ID, phone number and your voicemail password are all candidates to be intercepted by the app and sent to mainland China.
Reports are saying that at least 1.1 million users are affected by the malicious app, but we’re positive Google will engage that handy killswitch we know they have on standby to take care of this unfortunate circumstance. If you have that app installed, be sure to remove it from your phone at once if Google hasn’t already done it for you.
[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device’s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail’s password is also not transmitted unless you included the password in your phone’s voicemail number field.
We’re not yet certain on what the developer’s intentions are for using the pieces of data it does send to China – so we can’t outright call it malicious – but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone’s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data.