Developers have been pushing back against implications that the data-sharing was improper. Indeed, Lookout itself has apparently been alarmed at the negative tone of the coverage on its research, posting an "update and clarification" on its blog, stating, "While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior."
Suspicious but not malicious. Uh-huh.
We got on the phone with Lookout's founder and CEO, John Hering. He confirmed that under the Android's "permission" protocol, users have to consent to all sharing of their personal information, and did so with the wallpaper apps in question. (According to Lookout, the apps have shared users' phone numbers, subscriber identifiers, and voicemail numbers.)
However, Hering noted that the prompts users must consent to before
downloading the apps can be maddeningly vague: By agreeing that an app can "Read phone state and identity," for example, you could be
signing off on your phone number being sent to some mysterious third
party in, yes, China.
"We never said it was malicious," he said. "What is suspicious is an app that is accessing or using data that doesn't have any use in the app itself."
Follow us on Twitter at @TheSnitchSF and @SFWeekly