Some Android apps designed to lift personal data

A number of applications running on Android smartphones are reportedly capable of aggregating a user’s personal information and transmitting it to a website based in China. Among the information included in the transmissions are phone numbers, passwords and data related to the subscriber’s mobile phone account and contract.

Web security firm Lookout reported the data theft at the ongoing Black Hat 2010 conference in Las Vegas. Most of the applications responsible for the attacks were created by Jackeey Wallpapers. Lookout is unclear whether or not the data-stealing capability is intentional or not; however, it has advised Android users to avoid downloading any of these applications.

“Even good apps can be modified to turn bad after a lot of people download it,” Lookout's chief technology officer, Kevin MaHaffey, told PC Magazine. “Users absolutely have to pay attention to what they download. And developers have to be responsible about the data that they collect and how they use it.”

The attacks are especially troublesome for security professionals as phones running on the Android operating system have quickly become some of the most popular, according to a report recently released by ChangeWave Research. With more than 16 percent of Americans planning to purchase a smartphone in the next 90 days, developers are planning security improvements to avoid potential issues and lost customers.