iOS, Android users won't tolerate 'creepy' app behaviour

Summary: While the debate continues on whether some of the apps allowed on the App Store and Google Play are malicious, Sophos claims that users are going to make up their minds for businesses by voting with their downloads.


Users won't tolerate mobile apps that engage in the grey area of collecting too much of their customers' information or attempt to monetise too aggressively, according to Sophos Labs, and will end up voting with their downloads.

Sophos Labs manager Sean McDonald said that one of the most concerning issues around application development is that it isn't even clear what applications could be considered malicious.

He argued that some applications need to collect certain data to do their jobs, but in many cases, what is considered malicious or a breach of privacy is highly subjective.

"At what point do you get to where you're harvesting too much information? Is it OK to harvest a unique identifier so that the application and the service knows who it's communicating with? But if you start collecting information about who the mobile carrier is, is that taking it too far?"

Part of the blame comes back to the developer community, which McDonald indicated possibly hasn't matured enough to consider issues of privacy and data protection, even though they might have the best intentions for their customers.

"A lot of the people who are writing applications are probably good guys and girls ... but issues of privacy might not be at the forefront of their mind."

Sophos Labs vice president Simon Reed said that businesses should see this as a warning to carefully consider aspects of their applications other than the financial benefits.

"People who are developing apps need to get the balance right between developing a trust relationship with the person that is using the application and monetising that application," Reed said.

McDonald further warned that if businesses crossed the line and violated their customers' trust, it could be hard to ever gain it back again.

"Users will start to go, 'No, no, I'm not going to use these applications that continually have bad stuff said about them because they are harvesting so much data or not protecting it properly', while the people that offer a similar service, even within that app space, who do the right thing, will build a better brand," McDonald said.

"You're voting with the apps you download."

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • Personally, I reject Android apps that turn on battery-wasting services

    I found a good app for checking which apps eat battery (and thus go places I don't want them to). TrustGo (look it up yourself). The difference in battery life was *days* after I removed apps that continually switched WiFi, Bluetooth etc. on as part of their little advertising grab.

    It's convenience (battery life) over security (I'm careful) but in this case, vetting the apps you're running offers improvements in both.
    • sophos is smoking crack. android users are too

      stupid to care or know any better. They've already voted with their downloads and they've downloaded malware millions of times. almost every android app I can think of ask
      Johnny Vegas
      • While Android does have its share of malware

        It's not present in every single Android app.
      • Depends...

        Almost all of the malware found on Android comes from Russia and Asia 3rd party app stores.
        Rann Xeroxx
      • Just spent the weekend

        ... cleaning malware off Windows machines. Seems Android users and Sophos aren't the only ones "smoking crack". Windows, where the origin of malware effectiveness can be traced to.

        BTW, I have several Android tablets. Not a single one has any malware. But then, we actually stick with the basic rules for avoiding malware. Whereas, with a Windows machine, you're BUYING the malware along with the machine.
    • Facebook is the worst offender!

      Have you looked at how many permissions that app wants and then when you read through them you nearly fall out of your chair. Obscure ones like control other running apps. I swear my phone is twice as fast after uninstalling it. fb was literally hooked into every service on my phone including watching who I made calls to. For the few times I look at fb, the mobile site suffices.
      That is just one example of apps like this. Occasionally I really want an app that takes permissions I don't believe it needs. In those cases I edit the app's manifest with permissions denied and take away the rights. Some apps crash when you do this though.
  • advertising grap..

    ....if you don't want advertising grap, pay for your apps....
  • And yet apps exist

    To show people what their home would look like if someone bombed it.
  • Free or Paid

    The users must learn that there is no free lunch. The companies need to make money to pay the programmers and designers! The money must come from somewhere!

    The free apps must always have some way to monetize, otherwise, how to survive!??
    • yes but

      Not by stealing data.
      • It isn't stealing

        When you gave permission on install.
    • Easy

      By offering significantly better features than the free version and letting the paid version subsidize the free ones with the expectation that a certain percentage will in fact become paying customers. And/or displaying advertisements or making it time out after a trial period.

      It's called the carrot and the stick.
  • Bandwidth

    The other thing to watch is the amount of bandwidth which an app is using. Some apps are advertised as being let's say 20 Meg, which is fine, but after you have downloaded it, then the real installation starts. I had some apps (amongst others from Gameloft) where the real data cost is eventually closer to 150 Megs. - Then even whilst playing it is still eating data.

    One of the must-have apps is a data monitor to catch these data thieves out.