Has the Android Data-Stealing Scandal Been Overcooked?
|Are Android phones like this stealing your personal information?|
But the purported scandal here is a bit more complicated than early press reports have suggested. Indeed, it's questionable whether Lookout's findings qualify as a scandal at all, because it turns out that every one of the customers who has downloaded these apps has had to specifically agree to his or her information being shared. There's a phrase for this that precedes the age of the mobile app: Caveat emptor.
Developers have been pushing back against implications that the data-sharing was improper. Indeed, Lookout itself has apparently been alarmed at the negative tone of the coverage on its research, posting an "update and clarification" on its blog, stating, "While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior."
Suspicious but not malicious. Uh-huh.
We got on the phone with Lookout's founder and CEO, John Hering. He confirmed that under the Android's "permission" protocol, users have to consent to all sharing of their personal information, and did so with the wallpaper apps in question. (According to Lookout, the apps have shared users' phone numbers, subscriber identifiers, and voicemail numbers.)
However, Hering noted that the prompts users must consent to before downloading the apps can be maddeningly vague: By agreeing that an app can "Read phone state and identity," for example, you could be signing off on your phone number being sent to some mysterious third party in, yes, China.
"We never said it was malicious," he said. "What is suspicious is an app that is accessing or using data that doesn't have any use in the app itself."
Follow us on Twitter at @TheSnitchSF and @SFWeekly