Account Stealing Wallpaper App Found in Google Play Store

Account Stealing Wallpaper App Found in Google Play Store

Even when installing from the Google Play store, caution should be used when installing apps.

A good rule to follow is to ask yourself if the app being installed is asking for more permissions than what it needs to function. When it comes to a wallpaper app, the list of permissions should be rather short.

It was recently brought to our attention that there was a wallpaper app on the Google Play store that had an extra permission that didn’t fit. It was using the permission GET_ACCOUNTS which allows access to list accounts.

This wallpaper app was doing a bit more than just displaying pictures on the device’s background.



The app goes by the name of Sexy Girls Wallpaper Gallery with the package name With the permission GET_ACCOUNTS accepted, it then uses the getAccountsByType() function to gather account information from Google, Facebook, and Twitter.

The stolen account information is then sent to a remote server. This is all triggered when the app is opened.



It uses the value email for Google/email account info, emailf for Facebook account info, and emailt for Twitter account info when sending to the remote server.




The app has been installed between 50,000-100,000 times from the Google Play store, and was last updated on May 16, 2014. It’s not clear how the stolen account information is being used, but the stolen email addresses could be used for spam campaigns.

Google has been notified of its existence.

Remember to always review the permissions of an app and check the app’s reviews before installing.  This will aid in keeping you safe while installing apps on any market.  Stay safe out there!

Nathan Collier


Nathan Collier

Full time mobile malware researcher, part time endurance athlete and world traveler. As nerdy about traveling as he is about mobile malware.