One-Fifth Of Android Apps Said To Pose Security Risks

    June 23, 2010

Everyone would do well to show a little caution when browsing the Android Market, according to a new report.  SMobile Systems – which specializes in security issues pertaining to mobile phones and the wireless infrastructure – believes 20 percent of the available applications allow third parties access to info better left unshared.

Indeed, according to a statement the company released, 20 percent of Android apps "grant a third party application access to private or sensitive information that an attacker could use for malicious purposes, such as Identity Theft, mobile banking fraud and corporate espionage . . ."

Things get worse, too.  SMobile determined that five percent of apps can place calls without any action on the user’s part, and two percent can send out premium SMS messages unsupervised.  Then the table below conveys most of the organization’s other findings, which should be enough to worry anyone.

Neil Book, SMobile’s CEO, observed, "The Android operating system and the Android Market are quickly becoming the most widely used mobile platform and app store in the world.  There are individuals and organizations out there right now, developing malicious code designed to capture your most personal information and use it to their advantage."

The owners of Android devices should consider doing a little research before downloading an app, then, making sure that the developers have a good track record.  Or owners can at least pay more attention to how many other people have downloaded an app, since the odds of someone discovering any security threat must increase in step with the number of users.

Anyway, a hat tip goes to Elinor Mills, and we’ll be sure to follow up if Google addresses this issue in a significant fashion.

UPDATE: Sure enough, Google’s Jay Nancarrow responded in the comments section, stating, "This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."