Earlier today, we covered the Android wallpaper application that, according to Lookout, a mobile security firm, was harvesting user data like text messages and browsing history and sending it to a suspicious Chinese website. It turns out that the press went a bit overboard here by reporting this as a major mobile security risk, and Lookout has published a clarification on its blog.
The post says that while there is something suspicious about this application, it wasn’t accessing the kind of data the initial reports talked about (it does not access text messages or browser history). Sure, the app is sending some potentially sensitive information, such as your subscriber identifier, but Lookout still says there is no evidence of malicious behavior from this app.
The data included the device’s phone number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone (see below for technical details). While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior. There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent.
Google says it has “suspended this application while we investigate further.”