July 30, 2010 | by Andrew Kameka
Security companies often issue headline-grabbing reports about the threat of malicious activity. Those headlines sometimes don’t have much of a story to go with them, and people get caught in the crossfire.
That’s what one developer says happened to him when Lookout insinuated that several Android apps were potentially malicious. After a VentureBeat story on those findings said his app was collecting personal data and sending it to a “mysterious server in China,” the blogosphere was set ablaze with stories of malicious apps compromising data from “millions” of people.
The only problem with this narrative is that it’s not exactly true. While some apps make suspicious requests for data, there are occasions when it’s completely legitimate – as we noted in yesterday’s PSA on security permissions. Jackeey Wu, the accused developer, has defended himself in a statement to AndroidTapp.com, citing that very issue. According to Wu, Lookout and VentureBeat wrongly suggested that his apps steal information that would be impossible to obtain, since his app did not have permission to access that type of data. The permissions that looked suspicious were requested because of user requests and had legitimate reasons.
AndroidTapp has posted Wu’s comments in full to illustrate a line-by-line defense on the supposed security concerns. Meanwhile, Lookout has attempted to distance itself from the accusations by posting a clarification on its blog, but the damage may have already been done. Google has removed Wu’s apps from the Market to investigate the claims, and it’s quite possible that it will find nothing malicious in these apps. If that proves to be the case, a developer’s reputation may have been irreparably damaged.