ASIA NEWS NETWORK
WE KNOW ASIA BETTER
Publication Date : 31-10-2012
Five people, including the owner of an information technology-related company, were arrested in Japan yesterday on suspicion of providing a virus built into smartphone applications that stole more than 10 million pieces of personal information from users' address books.
The Metropolitan Police Department (MPD) said about 90,000 people's smartphones were infected with a virus lurking in applications they downloaded.
According to the MPD, this is the first case established to deal with such a large information theft in Japan.
Investigative sources said a man who runs an IT-related company allegedly created video applications for Android smartphones containing a virus that extracts personal information stored on the phone. In collusion with a woman who is the former president of another Tokyo-based IT-related firm, the man released the apps on Google Inc.'s official store for free in late March. He is suspected to have had the malicious apps transmit personal information, including telephone numbers and e-mail addresses, to an external server.
The MPD found that more than 10 million pieces of personal information remain on the server. So far, the police said the stolen information has apparently not been used for nefarious purposes.
The MPD said it will investigate the motive for the crime.
The free apps were marketed to customers by affixing the phrase "the Movie" to existing popular game titles. When the apps are downloaded and activated, they can automatically transmit personal data.
Upon downloading the apps, a pop-up message asks users for permission to access contact information. However, the message does not explain that information stored in a user's address book will be transmitted. Therefore, the MPD judged the apps did not obtain user consent to transmit the data.
Creating viruses for computers and smartphones was criminalised under the revised Penal Code that was enacted in July last year. The code bans distributing computer viruses over the Internet and other actions. Violators face up to three years in prison or fines of up to 500,000 yen (US$6,280.6)
The MPD has been investigating the case since April, when it was reported that personal information of several million people was potentially leaked via malicious Android smartphone apps.
The free apps had reportedly been downloaded up to 270,000 times.
Osaka man arrested over viruses
The Kyoto prefectural police arrested yesterday an executive of a company related to an Osaka dating service site on suspicion of keeping similar apps on the company's server.
According to the police, Kazuhiro Ri of Osaka, an executive of MobyDick, was suspected of keeping five virus-infected apps for Android smartphones on a server in Tokyo on August 10. He admitted the allegation.
The apps claimed to improve battery life and signal reception. However, when activated, the apps actually automatically transmit personal information in a user's address book to the company's server.
The police said the company sent an unspecified number of smartphone users an e-mail advertising the apps, which were downloaded by about 3,500 people nationwide.