Reports from Japan are stating that an address book app for Android-powered devices in Japan had temporarily leaked the personal data of 760,000 users onto the web.
The app, Zenkoku Denwacho [Nationwide Address Book], had been available for Android for approximately three weeks. NetAgent Co, a security company, reported the leak to the Tokyo Metropolitan Police Department and the case will be investigated.
Users who downloaded the app could search through an extensive address book put together by Nippon Telegraph and Telephone Corp (NTT), a Tokyo-based telecommunications company.
However, one of the app’s design aspects is to send smartphone users’ personal data stored in the phone to a rental server – and this was how the leak occurred. It is unknown as to how crucial this aspect is to the functionality of the app.
An estimated 3,300 people have downloaded the app, and would have temporarily had access to this information.
According to reports, the developer of the app has stated the leaked information has since been deleted, and that there was an explicit warning attached to the application stating that users’ address books would be “used”.
One of the biggest bugbears of Android, aside from fragmentation, is issues of security, and this story will do little to appease Droid sceptics.
NetAgent has said that the warning attached to the address book app was insufficient. Parallels therefore can be drawn with Connect Ltd, the Russian firm whose malware misdemeanours cost them £50,000 in a fine from UK service regulator PhonepayPlus, with their terms and regulations not telling customers the actual costs of their app.
Elsewhere, recent research from Duo Security noted that over half of Android devices worldwide are unpatched and could be taken advantage of by a malicious app.
It might be unfair to tar Android with the same brush this time, but would this story put doubts in your mind over security?