Controversy over Japanese app that published up to 760,000 personal addresses

A security firm says the Android app put up to 760,000 address book entries from 3,400 users into a searchable public database

An online debate has broken out over a Japanese mobile app that may have published as many as 760,000 address book records from its users in a publicly searchable database.

The mobile app, called "Zenkoku Denwacho," or "Nationwide Telephone Directory," was a free piece of software for Android phones that says it provides a database of Japanese phone numbers, names and some location information for private individuals and businesses. One "feature" of the app, which has been removed from the Google Play online store, was that it accessed the address books of users, including GPS data, then added that information to its public records.

On Tuesday, Japanese security firm NetAgent posted a blog entry calling the software "malicious" and saying it stole the information from users. But on download pages that were still online Wednesday, the app's description states that it is creating a national database and will "use" information from users' address books and GPS readings, adding them to its existing database of 38 million records taken from other online databases.

NetAgent said the app, which has been live since September, had been downloaded about 3,400 times and that as many as 760,000 address book records had been uploaded, without revealing how it reached those numbers.

Japanese media reported that police were investigating, though it was unclear if any crime had been committed. A police spokesman declined to comment on Wednesday.

In blogs and Twitter entries, an online debate ensued about the app and its similarity to other popular services in Japan, such as Line, a social network that also uploads user address books.

"It is impossible for me to totally protect against my data being uploaded to a Line server by one of my acquaintances," wrote one blogger in an entry about the incident, on a Japanese blog called "I Believe in Technology."

Comments on pages that linked to the app's former location on the Google Play store also noted the possibility of abuse, as it required access to address records as a prerequisite for installation.

"This might be dangerous?" wrote one reviewer.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jay Alabaster

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts