Is your voice mail password now the property of some Chinese hacker? Millions of Android users who downloaded an innocuous wallpaper app from Google’s Android Market may be nodding their heads ‘yes.’ Turns out, that wallpaper app was sending voice mail passwords and many other bits of personal data to someone in Shenzhen, China, according to one report.
The exploit was downloaded “anywhere from 1.1 million to 4.6 million times,” reports Dean Takahashi of VentureBeat. The application grabs your browsing history, text messages, phone’s SIM card number and subscriber ID and sends it all to the www.imnet.us website, according to the report.
The data theft was first discovered by mobile security firm Lookout and announced at the Black Hat conference of security experts in Las Vegas. Unlike the recent security hole found in the AT&T website that could have allowed hackers access to 144 thousand iPad owner email addresses, the Android exploit was more extensive, involved more serious data theft and most importantly – it wasn’t a hypothetical threat.
Nearly half (43 percent) of the apps offered by Android Marketplace include third-party instructions, compared to 23 percent of iPhone apps, Lookout said. Another difference between the two app sources: iOS applications require Apple approval before appearing in the App Store. By comparison, Google’s Market only warns users during the installation process.
Additionally, applications distributed through the App Store carry digital certificates from Apple, reducing the likelihood malicious hackers could anonymously distribute data-stealing code.