And you thought those iPhone 4 signal problems were bad -- at last week's Black Hat conference, a San Francisco firm called Lookout Mobile Security revealed that third-party smartphone apps are stealing user information and (literally) phoning home with it. And by "home," I mean China.
Between one and four million users of Android phones have downloaded wallpaper apps that swipe personal data from the phone and transmit it to a Chinese-owned server, a mobile security firm said today.
According to San Francisco-based Lookout, a large number of free wallpaper apps in the Android Market scrape the phone number; the user-specific subscriber identifier, also known as the IMSI (International Mobile Subscriber Identity); the phone's SIM card's serial number; and the currently-entered voicemail number from the phone.
According to Lookout's App Genome Project, which analyzed more than 300,000 free apps for Android and iPhone handsets, about a third of all apps can access your phone's contact list and/or location information. Overall, iPhone apps are a slightly bigger risk than Android apps, especially the free ones. (That squinchy sound you're hearing is thousands of Apple fanboys simultaneously getting their knickers in a twist.)
Hey, there's a reason why "apps" rhymes with "saps." While you're busy papering your smartphone with anime pix, bad guys are busy scooping up your personal information with both hands and heaving it over the Great Firewall.
The good news? Whoever was collecting that data over in Guangdong Province hadn't done anything nasty with it -- yet. Per the Lookout company blog:
While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent.