updated 10:50 pm EDT, Wed July 28, 2010
Personal data uploaded to Chinese website
A malicious Android Market app has reportedly been downloaded by millions of users, according to mobile security firm Lookout. The app, developed by Jackeey Wallpaper, offers a variety of wallpapers including branded content such as My Little Pony and Star Wars.
Aside from providing backgrounds, the utility quietly collects personal information such as SIM card numbers, text messages, subscriber identification, and voicemail passwords. The data is then sent to www.imnet.us, a site that hails from Shenzhen, China.
The app behavior was discovered as part of Lookout's App Genome Project, an endeavor that aims to study content on the Android and iPhone apps. The firm found that most apps regularly access personal data, while many use third-party code for advertisements or other services.
"This is something everyone should be vigilant about," Lookout CEO John Hering said at the Black Hat security conference in Las Vegas. The executive suggests both Apple and Google actively pursue malicious content to be purged from their respective app portals. [via MobileBeat]