For up to 4 million Android phone users, things could be a lot better. A report out today is saying that 1 to 4 million users that have downloaded wallpaper apps from the Android Marketplace may be having their personal information sent to a server in China. The information included is the phone number, IMSI (international mobile subscriber identity), the SIM card serial number and the voicemail number for that phone.
The information is sent to a server that is located just north of Hong Kong. There are over 80 wallpapers created by two users include code that accesses the users data and sends it along. An expert with LookOut has posted bits of the code and samples of the HTML code that was found in the wallpaper apps. The code appears suspicious, but there isn’t any indication at this point whether or not it is tied to malware.
Typically, Android apps, like the wallpaper apps, must require approval from the user before it can go ahead and collect data to send it to the developer of the apps. Right now, the estimated downloads of the wallpaper apps, which are free, total about 1.05 million to 4.02 million.
Android apps can be downloaded from places other than the marketplace, so there is little control over 3rd party code and things of that nature. Google has declined to comment, but said they are looking into LookOuts’ allegations.
