Black Hat news: Android app sends data to China [telecom]

" A questionable Android mobile wallpaper app that collects your " personal data and sends it to a mysterious site in China, has " been downloaded millions of times, according to data unearthed " by mobile security firm Lookout. " " That means that apps that seem good but are really stealing " your personal information are a big risk at a time when mobile " apps are exploding on smartphones, said John Hering, chief " executive, and Kevin MaHaffey, chief technology officer at " Lookout, in their talk at the Black Hat security conference " in Las Vegas today.

{ article continues at following URL }

Other references cited:

***** Moderator's Note *****

Has this been confirmed, or is it just a report?

Bill Horne Moderator

Reply to
Thad Floryan
Loading thread data ...

I'm not sure exactly what you're asking. The site they cited,, is definitely in China, not the USA, per a whois.

The two authors had a scheduled presentation July 28 at BlackHat in Las Vegas NV from 1645 to 1800 per:


The authors' bios are here:


and more info about the authors' AppGenome project is here:

with the summary:

" [...] " The App Genome Project has already scanned nearly 300,000 " applications, and fully mapped nearly 100,000. Early findings " show differences in the sensitive data that is typically " accessed by Android and iPhone applications and a proliferation " of third party code in applications across both platforms. " " Results found that applications on Android are generally less " likely than applications on iPhone to be capable of accessing " a person?s contact list or retrieving their location, with " 29% of free applications on Android having the ability to " access a user?s location, compared with 33% of free " applications on iPhone. Additionally, nearly twice as many " free applications have the capability to access people?s " contact data on iPhone (14%) as compared to Android (8%). : [...]

I don't know if BlackHat publishes or makes available additional material after the conference concludes today (July 29, 2010).

Reply to
Thad Floryan Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.