Quantcast

One-Fifth Of Android Apps Said To Pose Security Risks

Report finds 20 percent of apps share sensitive info with third parties

Get the WebProNews Newsletter:


[ Technology]

Everyone would do well to show a little caution when browsing the Android Market, according to a new report.  SMobile Systems – which specializes in security issues pertaining to mobile phones and the wireless infrastructure – believes 20 percent of the available applications allow third parties access to info better left unshared.

Indeed, according to a statement the company released, 20 percent of Android apps "grant a third party application access to private or sensitive information that an attacker could use for malicious purposes, such as Identity Theft, mobile banking fraud and corporate espionage . . ."

Things get worse, too.  SMobile determined that five percent of apps can place calls without any action on the user’s part, and two percent can send out premium SMS messages unsupervised.  Then the table below conveys most of the organization’s other findings, which should be enough to worry anyone.

Neil Book, SMobile’s CEO, observed, "The Android operating system and the Android Market are quickly becoming the most widely used mobile platform and app store in the world.  There are individuals and organizations out there right now, developing malicious code designed to capture your most personal information and use it to their advantage."

The owners of Android devices should consider doing a little research before downloading an app, then, making sure that the developers have a good track record.  Or owners can at least pay more attention to how many other people have downloaded an app, since the odds of someone discovering any security threat must increase in step with the number of users.

Anyway, a hat tip goes to Elinor Mills, and we’ll be sure to follow up if Google addresses this issue in a significant fashion.

UPDATE: Sure enough, Google’s Jay Nancarrow responded in the comments section, stating, "This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."

One-Fifth Of Android Apps Said To Pose Security Risks
Top Rated White Papers and Resources
  • Guest

    Pure junk article, the apps tell you what permissions you are granting when you install them. This news just in, apps that ask for permission use them…

  • Guest

    I’m not sure I understand the point of the story — there’s nothing stealth here, since Android requires users to explicitly grant these permissions to the applications (e.g. no application can access your phone dialer unless you say it can).

    Are you trying to argue that too many applications are asking for permissions they don’t need, or that users don’t pay enough attention to the permissions they grant?

  • Jay Nancarrow

    Doug,

    I’m with the Google Communications team. This report falsely suggests that Android users don

  • Guest

    He’s simply saying that when you install an app and give it permission, from that point on you don’t know exactly what the app is doing. Makes perfect sense to me – anyone that can’t figure it out probably doesn’t know anything about IT anyways and shouldn’t be here posting comments :P

    Sure, you know what permissions you are giving the app at the time of installation, but you can’t control it after that point if it has malicious code inside it. Unless Android makes the permission request continuously pop up for each app like a firewall (which would be very annoying/confusing for non-technical employees), closed source apps can’t be 100% trusted. If the app is open source and we can see the code, then I would trust it, but until then, giving an app permission to do whatever could be a threat to private information.

  • GM3 cons

    Users should be allowed to deny or change default privileges asked by applications.

    1. yes apps tell you what they will be accessing while installing
    2. there is NO specific second confirmation for specific risky operations

    In contracts we sign the contract and specific clausoles (clausole vessatorie in italy) which are important points to be clear about.

    No application needs to access credentials, accounts and many more. Also internet access is not required by many apps but they still require it!

    To share content there is no need to access internet but the internal routine that allows to share with various other apps/protocol managers.

    So I use droidwall (root firewall frontend to iptables) whitelisting specific apps I want to reach internet. Unfortunately this is not enough.

    I would like a permission changer by default in android.

    Applications can access and will access your data and actually sniffing all the app does is impossible as there could be an event based (time or operation) upload of personal information to a server run by application designer.

    I actually believe iPhone/iPad’s applications are safer as of the sandbox and limitations they get.

    Still android is more versatile for what apps can actually do.

    I would seriously demand a permission changer interface, where you get to see what app accesses each permission, with chance to deny it. If the app crashes just uninistall it if firewalling it is not enough.

    Rooting is even more dangerous on this side in absence of an app firewall.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom