madison
Home / News & Blogs

Report: Be aware of Android Apps

Elinor Mills CNET News | June 23, 2010 4:28 AM PDT

Summary

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report.

Topics

Private Data, App, Security

Update: Headline change to reflect that SMobile says it isn't criticizing the Android model

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

Some of the apps were found to have the ability to do things like make calls and send text messages without the mobile user doing anything. For instance, five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges, security firm SMobile Systems concluded in its Android market threat report. SMobile is not saying those apps are all malicious, but is making the point that there is a potential for abuse.

Meanwhile, dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of emails and text messages, phone call information, and device location, said Dan Hoffman, chief technology officer at SMobile Systems.

For more on this story, read Report says be aware of what your Android app does on CNET News.

Talkback Most Recent of 74 Talkback(s)

  • RE: Report: Android Apps expose private data
    The price of "free".
    ZDNet Gravatar
    hill60
    23rd Jun 2010
  • Android --> Spyware? there's 9600 apps for that! LMMFAO!!
    OMG!!
    ZDNet Gravatar
    doctorSpoc
    23rd Jun 2010
  • Sounds like Zone alarms
    "Android requires application developers to declare the permissions their application will need in order to interact with the system and its data. As a result, SMobile has incorporated patent pending technology to use application permissions and other identifying attributes to determine what an application can do and subsequently, identify Spyware and other malicious applications.. This provides a prime opportunity to identify an application that is trying to access sensitive data or communications and then assist the user in determining if this access is truly necessary for an application."

    Sounds like they're selling a firewall like ZoneAlarm, that pops up a warning when an application requests some data. Filtered by the permissions, so if the application is not flagged to obtain the contents of an email, popping up a false positive would be dumb, so it looks like they filter for the permissions.

    He's basically claiming 20% of applications are flagged to request some permission to some private data on the phone.
    ZDNet Gravatar
    guihombre
    23rd Jun 2010
  • RE: Report: Android Apps expose private data
    @guihombre Right. He's kind of missing the point. If an application accesses my contacts to, for example, display pictures of all my contacts in a graphical way, that's not a security breach, and the application can't do it unless I explicitly ALLOW it when it asks during installation. It puts the power (and the responsibility) into the hands of the user. Now whether that's a good idea or not is up for debate. Most people just click "Allow" on everything without bothering to read it - a by-product of too many EULAs and Terms & Conditions I think - so there could be significant identity theft issues here.
    ZDNet Gravatar
    timothyt@...
    23rd Jun 2010
  • RE: Report: Android Apps expose private data
    @timothyt@... Great example!

    Now try explaining this away: "two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges."

    I sure can see the utility of apps that "send unknown SMS messages to premium numbers that incur expensive charges" with your explicit permission.

    I say, Android is now ready to be adopted by enterprise.
    ZDNet Gravatar
    peter02l
    23rd Jun 2010
  • curated
    maybe it's time for adware/spyware company google to have a more curated approach to their app market. waiting for the first android virus to spread ...
    ZDNet Gravatar
    banned from zdnet
    23rd Jun 2010
  • Sounds to me like it's already spreading.
    @banned from zdnet "... five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges,..."

    Now I KNOW I don't want Android!
    ZDNet Gravatar
    vulpine@...
    23rd Jun 2010
  • RE: Report: Android Apps expose private data
    @vulpine@... So you install an application, it tells you BEFORE installation that "This application requires access to your phone in order to make calls and send text messages. Proceed?" and now Android isn't secure. How is being informed of exactly what the app requires from your phone to work and asking you to confirm these access rights a break down in the OS? If that was the case, Windows should have died years ago.
    ZDNet Gravatar
    garethmcc
    24th Jun 2010
  • Apple's Thought Police Out in Full Force! lol...
    @banned from zdnet Hey banned.... since you're such an avid Apple freak, why don't you tell that to SMobile? So they can help Apple clear up their's and AT&T's Personal Data Leaks in Apps, Safari Browser, Account Profiles, etc!

    SMobile SCREAMS FIRE..... when there hasn't even been a match lit on Android. haha.... As compared to Apple and AT&T's whipping out your personal iPhone account data (no other phones affected) and their iOS's Browser getting dumped on in the opening minutes of PWN2OWN! wink

    You Apple iNazis should learn to keep your mouths shut until you really have something to scream about. lol.... In the meantime Chrome has been declared the most Secure Browser and yet to fall at PWN2OWN! ....and it's now on more PC's than Safari, so what does that tell you?

    #1 If you own iPhone, iPad or iPod Touch..... change your Service Provider! ....(oh yeah you can't)

    #2 In America you are as locked in to AT&T as you are into Apple's Fascist Garden Walled iOS. So what can you do? Jail Break your devices and unlock them? lol... El Steve-o would take a dim-witted view of that!

    In the meantime you all are just sitting ducks, stuck behind a paper thin Garden Wall that can go up in flames with the stroke of a Hacker! .....in your face straight up, you are all doomed with only the protection of Apple's Thought Police. While they attempt to erase and throw the competition "Down the Memory Hole" of what the REAL WORLD is like, on the Web with things like FLASH! ....and btw.. the latest version of FLASH includes Hardware Accelerated SPEED and Energy Efficient Security that hasn't been attacked.... nor is it likely and that even on Android and every other mobile OS Platform! grin

    So enjoy your vanilla flavored iOS that restricts you from using the full hardware capability of the hardware. Hardware that is bound to have Android running on it soon. Because it's the same chip as what Samsung makes for Apple as they do themselves, with their Hummingbird A8. That.... btw will have FULL Multi-Tasking (not fake task switching), Full Flash, full 3G Video Conferencing, even on your own AT&T (screwed for Apple only) Network! wink
    ZDNet Gravatar
    i2fun@...
    23rd Jun 2010
  • So, do ya think...
    ...your widdle spiel is gonna get everybody to give up their iPhone?

    lol... grin
    ZDNet Gravatar
    ubiquitous one
    24th Jun 2010
  • RE: Report: Android Apps expose private data
    @i2fun@... tell us when you get your GED
    ZDNet Gravatar
    gennx30
    24th Jun 2010
  • Intelligence isn't Issued like toilet paper in the Military!
    @gennx30 So you might want to tell that to your "Thought Police". But be sure to have your bags packed for your ride down their memory hole to hell! wink

    BTW... I've worked in commercial networking for 20 years. I'm also what you might call a code warrior. That's somebody that codes on multiple platforms and languages. I'm not speaking of human languages (although I speak several and English isn't even my primary language). I can even code in Objective C FYI
    ZDNet Gravatar
    i2fun@...
    25th Jun 2010
  • Conflict of interests.
    So, a company that sells security software for mobile platforms is telling us that our mobile platforms are not secure per se... uhm, interesting.

    No, wait, it is not.
    ZDNet Gravatar
    JordiFenix
    23rd Jun 2010
  • faulty logic
    @JordiFenix
    there is no security software that can be installed on android phones that help against apps that are basically spyware. even if this company wanted to it couldn't sell you anything.

    when 20% of the apps on the android market are spyware you should listen and think about your platform of choice. oh wait, the whole google business model revolves around adware and spyware.
    ZDNet Gravatar
    banned from zdnet
    23rd Jun 2010
  • RE: Report: Android Apps expose private data
    @banned from zdnet

    "there is no security software that can be installed on android phones that help against apps that are basically spyware. even if this company wanted to it couldn't sell you anything.

    Gee, that's funny. According to the SMobile Systems website, they do....

    http://www.smobilesystems.com/online-store/
    ZDNet Gravatar
    babyboomer57
    23rd Jun 2010
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity