Security firm Lookout says that a malicious suspicious app has been downloaded anywhere from 1.1 million to 4.6 million times.
The app in question is called Jackeey Wallpaper and was uploaded to the Android Market where users could download the application for free. According to Lookout, the application would access the owner’s SIM card number, subscriber identification, and voicemail password (as long as it is programmed automatically into your phone) and send it to a site called imnet.us. That site is owned by someone in the Chinese city of Shenzhen.
Update: Lookout contacted me to say the original Venturebeat report was inaccurate:
Upon installation, the wallpaper app asks for permission to access your phone calls, which should have been a clear warning not only to users but for the people manning the Android Market’s approval process.
This isn’t the first case of mobile app developers sneaking deviant code into their apps this month. Earlier, a 15 year old developer submitted a flashlight application to Apple’s (AAPL) App Store which had code that turned iPhones into Internet routers. Apple removed the application within a few hours of it being widely reported.
According to Venturebeat, John Hering, chief executive of Lookout said in a press conference afterward that he believes both Google and Apple are on top of policing their app stores, particularly when there are known malware problems with apps.