Has the Android Data-Stealing Scandal Been Overcooked?

Categories: Tech
Are Android phones like this stealing your personal information?
The tech world has been buzzing with news that a San Francisco firm, Lookout Mobile Security, has discovered that wallpaper applications used by millions of phones with Google's Android operating system send subscribers' information to third parties. The headlines over this story have carried a distinctly sinister tone, such as this one from Computer World: "Free Android apps scrape personal data, send it to China."

But the purported scandal here is a bit more complicated than early press reports have suggested. Indeed, it's questionable whether Lookout's findings qualify as a scandal at all, because it turns out that every one of the customers who has downloaded these apps has had to specifically agree to his or her information being shared. There's a phrase for this that precedes the age of the mobile app: Caveat emptor.

Developers have been pushing back against implications that the data-sharing was improper. Indeed, Lookout itself has apparently been alarmed at the negative tone of the coverage on its research, posting an "update and clarification" on its blog, stating, "While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior."

Suspicious but not malicious. Uh-huh.

We got on the phone with Lookout's founder and CEO, John Hering. He confirmed that under the Android's "permission" protocol, users have to consent to all sharing of their personal information, and did so with the wallpaper apps in question. (According to Lookout, the apps have shared users' phone numbers, subscriber identifiers, and voicemail numbers.)

However, Hering noted that the prompts users must consent to before downloading the apps can be maddeningly vague: By agreeing that an app can "Read phone state and identity," for example, you could be signing off on your phone number being sent to some mysterious third party in, yes, China.

"We never said it was malicious," he said. "What is suspicious is an app that is accessing or using data that doesn't have any use in the app itself."

Follow us on Twitter at @TheSnitchSF and @SFWeekly

My Voice Nation Help
Sort: Newest | Oldest

Now Trending

San Francisco Concert Tickets

From the Vault


©2014 SF Weekly, LP, All rights reserved.