Japanese agency warns of information-stealing Android porn app

A Japanese Internet security agency has issued a public warning about Android apps that offer free images of scantily clad models to trick users into giving up their personal details.

An in-depth analysis of one Japanese app called “Porno Sexy Model Wallpaper,” downloaded over 500,000 times, was offered as an example. The warning was issued Friday by the Information-Technology Promotion Agency (IPA), a government-sponsored body based in Tokyo.

“Currently it can’t be said that ‘Downloading apps directly from ‘Google Play’ is safe,'” the agency said in a statement.

“While this app does have the function of displaying wallpapers, it can be said that the app is actually fraudulent meant to steal details such as mobile phone information.”

The IPA recommended that users avoid the Google Play store, and instead download apps from online stores operated by Japan’s major operators, such as the “d-Market” from NTT DoCoMo. It also said users should install security software on their phones.

The IPA demonstrated how the app, available until recently on the Google Play store, requests user permission to access information including location and Google account details, with a distracting image of a smiling woman as the icon. The agency said that while the app is not technically a virus or trojan horse, it does send user details to a third-party server with no apparent benefit to the user.

The app had a 4.5 rating on the Japanese version of Google Play, with over 7,000 reviews, and showed between 500,000 and a million downloads. It was uploaded to the store in July of last year.

Upon being launched, the app displays a full-screen image of a pretty girl, while sending the information in the background. In some cases users need to scroll down to read the fine print about what they are agreeing to, while an “OK” button sits at the top of page.