

Android Wallpaper Apps Falsely Accused of Spyware & Stealing User Data - mjtokelly
http://www.androidtapp.com/android-wallpaper-apps-falsely-accused-of-spyware-and-stealing-sensitive-user-data-fud/

======
ZeroGravitas
It's a spammy sounding title (in fact the article's a bit dodgy too) but it
does have what is claimed to be the comments of the app developer Jackeey Wu
who created the apps whose data collecting behavior has been challenged.

~~~
htsh
I agree that it's a bit dodgy but his evidence looks pretty sound and I'm
happy I read this, as I had installed the other "Backgrounds" wallpaper
application which apparently collects personal information.

------
gyardley
Well, it certainly wouldn't be the first time a 'security' company exaggerated
something in order to sell their software.

------
loumf
How is phone number not private user data?

~~~
blocke
It is semi-private data. I hate to say this but phone numbers are not exactly
private anymore and anyone with clue and motivation can dig it up for pennies.
But a user is justified to feel negative about such data being transmitted.

I could imagine a real use for it in the way the developer mentioned if it
ends up acting like the only unique identifier that changes between specific
phones and carriers. You're likely to port your phone number with you and thus
the identifier travels with you.

Edit: I honestly don't know what kind of unique identifiers Google provides so
the number could still be inappropriate.

~~~
MJR
What is "semi-private" data and if I do not give out my mobile phone number,
how can anyone obtain it unless I call them?

~~~
blocke
Besides leaked databases and PI tools this is one I learned of in the past
month:

There are various reverse caller databases floating around. I forget the name
of the database but there was a talk at HOPE 2010 less than a month ago about
abusing VOIP providers and caller ID spoofing to scan through and map large
blocks of cellphone numbers at a time. Apparently there are wholesale
resellers of caller ID lookup databases and some cellphone companies are more
than happy to associate the name on the account with individual cellphone
entries in their reverse databases.

With such a system if you know what possible area codes/exchanges they might
be in and what their name is you had very good odds of finding AT&T and
T-Mobile customers. Verizon wasn't really discussed.

Of course social engineering the number from you might be a lot easier the
first time... ;)

