An application, available through the Android Market, will have been used to steal personal data from millions of users of smartphones with the operating system promoted by Google.
The software in question is intended to provide wallpapers for the phones, but it will have been explored in order to be used as a tool to collect user data, such as the SIM card number, subscriber identification or even the access code to the voice-mail, the two specialists from the Lookout security, who reported the failure.
The information was released yesterday, during the Black Hat security conference, which takes place in Las Vegas (USA).
According to the speakers, cited by Venture Beat, the application in question will have been downloaded «between 1.1 million and 4.6 million times», they estimate, claiming that the Android virtual store does not provide exact numbers.
According to them, there is evidence that the collected data is sent to a website whose owner resides in Shenzhen, China.
The application, submitted by Jackeey Wallpaper, allows you to obtain images of Little Poney, Hello Kitty or Star Wars, for example, but it has been modified. According to experts, a survey revealed that also the applications of a programmer known as iceskysl @ 1sters! (which may be the same) would be collecting personal data.
«Even good applications can be modified and made malicious after they have been downloaded by many people,» said Kevin MaHaffey, Lookout’s chief technology officer, warning programmers of the need to take precautions about the data they collect and the way they use.