Up to half of free Android apps, and a quarter of free iPhone apps, are gathering and sharing sensitive data from a user’s phone.
While Android apps request permission to harvest data, it’s not stated explicitly what’s being collected, and iPhone apps don’t ask at all.
And when mobile security firm Lookout scanned 300,000 free applications for the two platforms, it found that many were gathering subscriber data and shipping it off to third parties.
“During our research, we found a series of wallpaper applications in the Android market are gathering seemingly unnecessary data,” says Lookout’s co-founder and chief technology officer, Kevin Mahaffrey.
“The wallpaper applications that we analyzed transmitted several pieces of sensitive data to a server over an unencrypted network connection. The data included the device’s phone number, subscriber identifier (eg IMSI), and the currently entered voicemail number on the phone.”
According to mobile security firm Lookout, wallpaper apps from one particular Chinese developer, jackeey,wallpaper, is a particular culprit. It says apps from this developer have been downloaded 1.4 million times.
But Lookout concedes that it has no evidence that the data is being collected for malicious purposes.
And when AndroidTapp contacted jackeey,wallpaper – real name Jackeey Wu – he told the blog that he had been collecting the data simply to improve his products.
“I collected the screen size to return more suitable wallpaper for the phone,” he said.
“I also collected device ID, phone number and subscriber ID – it has no relationship with user data. There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone.”
Nevertheless, Google has said it plans to investigate.