|
|
此文章由 bulaohu 原创或转贴,不代表本站立场和观点,版权归 oursteps.com.au 和作者 bulaohu 所有!转贴必须注明作者、出处和本声明,并保持内容完整
http://mobile.venturebeat.com/20 ... loaded-by-millions/
两名安全研究人员在Blackhat会议上发表演讲,指出一款Android的墙纸程序会把你的电话号码、用户号码、留言信箱密码等等送往位于中国深圳的一台神秘的服务器。
这款程序叫Jackeey Wallpaper,如果你不幸安装了,赶紧卸载吧
questionable Android mobile wallpaper app that collects your personal data and sends it to a mysterious site in China, has been downloaded millions of times, according to data unearthed by mobile security firm Lookout.
That means that apps that seem good but are really stealing your personal information are a big risk at a time when mobile apps are exploding on smartphones, said John Hering, chief executive, and Kevin MaHaffey, chief technology officer at Lookout, in their talk at the Black Hat security conference in Las Vegas today.
“Even good apps can be modified to turn bad after a lot of people download it,” MaHaffey said. “Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it.”
The app in question came from Jackeey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system. It includes branded wallpapers from My Little Pony and Star Wars, to name just a couple.
Update: Lookout notes it does not capture browsing history and text messages. It collects your browsing history, text messages, your phone number, subscriber identification, and even your voicemail password, as long as it is programmed automatically into your phone. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data. The search through the data showed that Jackeey Wallpaper and another developer known as iceskysl@1sters! (which could possibly be the same developer, as they use similar code) were collecting personal data. The wallpaper app asks for permission to access your “phone calls,” but that isn’t necessarily a clear warning. While suspicious, Lookout says there isn’t evidence of malicious behavior.
The Lookout executives found the questionable app as part of their App Genome Project. Lookout is a mobile security firm, and it logged data from more than 100,000 free Android and iPhone apps as part of the project to analyze how apps behave. It found that the apps access your personal data quite often. On Android, each user is asked if they give their permission to access an app, but on the iPhone, where Apple approves apps, no permission is needed.
Roughly 47 percent of Android apps access some kind of third-party code, while 23 percent of iPhone apps do. The executives also found that many apps use third-party software programs to do things such as feed ads into an app. Often, developers unquestioningly use the software development kits of those third parties in their apps, even if they don’t know what they do. In many cases, there is a good reason for the use of personal information. Ads, for instance, can be better targeted if the app knows a user’s location.
Hering said in a press conference afterward that he believes both Google and Apple are on top of policing their app stores, particularly when there are known malware problems with apps. But it’s unclear what happens when apps behave as the wallpaper apps do, where it’s not clear why they are doing what they are doing. [Update: Google has said it has suspended the wallpaper app while it investigates the matter]. |
|
E&E -- 果-肉恋曲 (三) -- 蜜桃红酒炖牛肉 (2010-3-14) 闲夏采薇 
发表于 2010-7-30 10:33
