Popular wallpaper apps deemed safe, Google says

Bad Wallpaper App

The developer of a series of Android wallpaper apps whose work was called into question last week over security concerns has been cleared by Google and is back in the Android Market.

We're only a week removed from the Android security saga that began at the Black Hat conference, and it looks like we have resolution that should put some of your fears at ease. It all started when Kevin MaHaffey, CTO of security firm Lookout, singled out Android wallpaper app developer "jackeey,wallpaper" and called it "a questionable Android mobile wallpaper app that collects your personal data and sends it to a mysterious site in China, (and) has been downloaded millions of times." VentureBeat was there and ran with the story, under the scary headline "Android wallpaper app that takes your data was downloaded by millions."

Later that day, Lookout amended its initial concerns, saying "there is no evidence of malicious behavior," though the data the apps were collected remained "suspicious." VentureBeat updated its story, which by this time was spreading like wildfire.

We contacted the developer, who explained that the data was collected "so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone." In other words, to remember user preferences. We published the developer's response in its entirety last Thursday.

That brings us to today. Google stepped in and took a look at things. And it found that indeed the apps weren't malicious or a threat to security, telling Computer World's JR Raphael "The developer's applications have been reviewed and the suspension has been lifted." The Android team did, however, point out to the developer that the method in which it was storing user preferences was unnecessary.

So in the end, this was a case of bad coding, not malicious intent. What can be done about this in the future? It'd be great if there were some sort of system to inspect apps before they hit the Market. Maybe not with walls as high as the app store, but something to check basic security and functionality up front. We're all about the Android Market being open to all. But with Android and the Android Market growing as quickly as they are, caveat emptor may not be the best policy any more. [Venture Beat, Computer World]

  • well, glad that's settled!
  • true , pfft I didnt have it anyhoo but still good news that there was no "evil intent" after all :)
  • I tried finding this app and cannot find it. How do i find it?
  • I tried to find it as well. Wanted one of those wallpapers shown in the pic. Can someone please tell me how to find this?
  • I love how the bloggers, podcasters and the media picked this up and ran with it as the "Android Security Apocalypse" without stopping to do any fact checking. They're all so god damned worried about being the first one to hit the wire that they'd run a story about the Cookie Monster blowing Big Bird without pausing to even see if the Cookie Monster or Big Bird even fucking exist.
  • Never let facts get in the way of raking up website hits!
  • To say that the Market should have some kind of approval process is crazy.
  • Or maybe a two tiered market. Just like you can turn on installation of apps via your browser with a checkmark option. Why not have an option to allow\see apps that HAVEN'T passed Google's seal of approval. The approved market could be called the G-Spot. =D
    The only real issue with that is that Google would have to add a butt load of resources to manage such an approval process. *shrugs*
  • Congratulations Phil. Your initial journalism and direct report from the developer was first rate. Must have been the same group that solved the Atlanta Olympics bombing who convicted this developer. Perhaps having an actual journalist in the 'new' media has some benefits!
  • Anyone up for a lawsuit against Lookout? Seriously can you say baseless slander?
  • It looks fishy to me. How many downloads do you think lookout got after they released this "scare story?" There are all of these "virus apps" for android. but how useful are they without viruses?