80 Android Wallpaper Apps stealing sensitive data, Lookout revealed at Black Hat USA 2010

At the Black Hat USA 2010 security conference in Las Vegas, Lookout's "App Genome Project" reported finding a series of simple wallpaper apps in the Android Market that were suspiciously collecting data: "The wallpaper apps that we analyzed transmitted several pieces of sensitive data to a server over an unencrypted network connection. The data included the device's phone number, subscriber identifier (e.g. IMSI), and currently entered voicemail number on the phone," Lookout CTO Kevin Mahaffey said. "While this sort of data collection from a wallpaper app is certainly suspicious, there's no evidence of malicious behavior. There've been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent."

The group found more than 80 wallpaper apps that did this, and they all traced back to two developers, "Jackeey" and "wallpaper," both of whom have since changed their names. The various apps are estimated to have been downloaded between one and four million times.
