In a number of interviews since then the developer, Jackeey Wu, has released a statement denying most of these claims and Lookout has since agreed that only the phone number, subscriber identification & voicemail password (when stored on the phone) were accessed and sent to Wu's server in China.
Wu stated, "I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even “Background” can’t well suited the phone’s screen. I also collected device id,phone number and subscriber id, it has no relationship with user data. There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone."
He also included a screenshot from installing one of the apps, showing the permissions used. You can read the entire statement below.
Lookout's clarification on their website says, "While the data this app is accessing is certainly suspicious coming from a wallpaper app, we want to be clear that there is no evidence of malicious behavior. There have been cases in the past where applications are simply a little overzealous in their data gathering practices, but not because of any ill intent."
Regardless of the developer's intentions, the real lesson here is the importance of paying attention to what permissions an app has before installing it. If you don't think it should need a particular permission you should contact the developer before installing or just avoid it entirely.
Jackeey Response