Report: Be aware of Android Apps

Report: Be aware of Android Apps

Summary: About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report.

SHARE:
TOPICS: Security, Apps
74

Update: Headline change to reflect that SMobile says it isn't criticizing the Android model

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

Some of the apps were found to have the ability to do things like make calls and send text messages without the mobile user doing anything. For instance, five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges, security firm SMobile Systems concluded in its Android market threat report. SMobile is not saying those apps are all malicious, but is making the point that there is a potential for abuse.

Meanwhile, dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of emails and text messages, phone call information, and device location, said Dan Hoffman, chief technology officer at SMobile Systems.

For more on this story, read Report says be aware of what your Android app does on CNET News.

Topics: Security, Apps

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

74 comments
Log in or register to join the discussion
  • RE: Report: Android Apps expose private data

    The price of "free".
    hill60
  • Android --> Spyware? there's 9600 apps for that! LMMFAO!!

    OMG!!
    doctorSpoc
  • Sounds like Zone alarms

    "Android requires application developers to declare the permissions their application will need in order to interact with the system and its data. As a result, SMobile has incorporated patent pending technology to use application permissions and other identifying attributes to determine what an application can do and subsequently, identify Spyware and other malicious applications.. This provides a prime opportunity to identify an application that is trying to access sensitive data or communications and then assist the user in determining if this access is truly necessary for an application."

    Sounds like they're selling a firewall like ZoneAlarm, that pops up a warning when an application requests some data. Filtered by the permissions, so if the application is not flagged to obtain the contents of an email, popping up a false positive would be dumb, so it looks like they filter for the permissions.

    He's basically claiming 20% of applications are flagged to request some permission to some private data on the phone.
    guihombre
    • RE: Report: Android Apps expose private data

      @guihombre Right. He's kind of missing the point. If an application accesses my contacts to, for example, display pictures of all my contacts in a graphical way, that's not a security breach, and the application can't do it unless I explicitly ALLOW it when it asks during installation. It puts the power (and the responsibility) into the hands of the user. Now whether that's a good idea or not is up for debate. Most people just click "Allow" on everything without bothering to read it - a by-product of too many EULAs and Terms & Conditions I think - so there could be significant identity theft issues here.
      timothyt@...
      • RE: Report: Android Apps expose private data

        @timothyt@... Great example!

        Now try explaining this away: "two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges."

        I sure can see the utility of apps that "send unknown SMS messages to premium numbers that incur expensive charges" with your explicit permission.

        I say, Android is now ready to be adopted by enterprise.
        peter02l
  • curated

    maybe it's time for adware/spyware company google to have a more curated approach to their app market. waiting for the first android virus to spread ...
    banned from zdnet
    • Sounds to me like it's already spreading.

      @banned from zdnet [i]"... five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges,..."[/i]

      Now I KNOW I don't want Android!
      Vulpinemac
      • RE: Report: Android Apps expose private data

        @vulpine@... So you install an application, it tells you BEFORE installation that "This application requires access to your phone in order to make calls and send text messages. Proceed?" and now Android isn't secure. How is being informed of exactly what the app requires from your phone to work and asking you to confirm these access rights a break down in the OS? If that was the case, Windows should have died years ago.
        garethmcc
    • Apple's Thought Police Out in Full Force! lol... :D

      @banned from zdnet Hey banned.... since you're such an avid Apple freak, why don't you tell that to SMobile? So they can help Apple clear up their's and AT&T's Personal Data Leaks in Apps, Safari Browser, Account Profiles, etc!

      SMobile SCREAMS FIRE..... when there hasn't even been a match lit on Android. haha.... As compared to Apple and AT&T's whipping out your personal iPhone account data (no other phones affected) and their iOS's Browser getting dumped on in the opening minutes of PWN2OWN! ;)

      You Apple iNazis should learn to keep your mouths shut until you really have something to scream about. lol.... In the meantime Chrome has been declared the most Secure Browser and yet to fall at PWN2OWN! ....and it's now on more PC's than Safari, so what does that tell you?

      #1 If you own iPhone, iPad or iPod Touch..... change your Service Provider! ....(oh yeah you can't)

      #2 In America you are as locked in to AT&T as you are into Apple's Fascist Garden Walled iOS. So what can you do? Jail Break your devices and unlock them? lol... El Steve-o would take a dim-witted view of that!

      In the meantime you all are just sitting ducks, stuck behind a paper thin Garden Wall that can go up in flames with the stroke of a Hacker! .....in your face straight up, you are all doomed with only the protection of Apple's Thought Police. While they attempt to erase and throw the competition "Down the Memory Hole" of what the REAL WORLD is like, on the Web with things like FLASH! ....and btw.. the latest version of FLASH includes Hardware Accelerated SPEED and Energy Efficient Security that hasn't been attacked.... nor is it likely and that even on Android and every other mobile OS Platform! :D

      So enjoy your vanilla flavored iOS that restricts you from using the full hardware capability of the hardware. Hardware that is bound to have Android running on it soon. Because it's the same chip as what Samsung makes for Apple as they do themselves, with their Hummingbird A8. That.... btw will have FULL Multi-Tasking (not fake task switching), Full Flash, full 3G Video Conferencing, even on your own AT&T (screwed for Apple only) Network! ;)
      i2fun@...
      • So, do ya think...

        ...your widdle spiel is gonna get everybody to give up their iPhone?<br><br>lol... :D
        ubiquitous one
      • RE: Report: Android Apps expose private data

        @i2fun@... tell us when you get your GED
        gennx30
      • Intelligence isn't Issued like toilet paper in the Military!

        @gennx30 So you might want to tell that to your "Thought Police". But be sure to have your bags packed for your ride down their memory hole to hell! ;)

        BTW... I've worked in commercial networking for 20 years. I'm also what you might call a code warrior. That's somebody that codes on multiple platforms and languages. I'm not speaking of human languages (although I speak several and English isn't even my primary language). I can even code in Objective C FYI
        i2fun@...
  • Conflict of interests.

    So, a company that sells security software for mobile platforms is telling us that our mobile platforms are not secure per se... uhm, interesting.

    No, wait, it is not.
    JordiFenix
    • faulty logic

      @JordiFenix
      there is no security software that can be installed on android phones that help against apps that are basically spyware. even if this company wanted to it couldn't sell you anything.

      when 20% of the apps on the android market are spyware you should listen and think about your platform of choice. oh wait, the whole google business model revolves around adware and spyware.
      banned from zdnet
      • RE: Report: Android Apps expose private data

        @banned from zdnet

        "there is no security software that can be installed on android phones that help against apps that are basically spyware. even if this company wanted to it couldn't sell you anything.

        Gee, that's funny. According to the SMobile Systems website, they do....

        http://www.smobilesystems.com/online-store/
        babyboomer57
      • RE: Report: Android Apps expose private data

        @banned from zdnet <br>Then again, if they say, as a "generic buzz": "warning, android applications are bad! They spy on you!" Most non-tech savvy users will rush to ANY solutions that they feel enhance they security. Look no further! SMobile Systems themselves offer such solution.<br><br>Look, I know most applications look into your data. The data they are supposed to look at is specified before you install those applications. Read the info before you install and, if you don't feel confortable with that, don't install the application. Otherwise: pebkac (we should update that to reflect the reality of mobile phones by the way...pebtsac= problem exists between tactile screen and chair?).<br><br>Most people, me included, doesn't have anything in their phones that is really worth to be spied upon. They simply look where you are (geolocation) and maybe what you are interested in (your search history) so they can offer ads better suited to your interests. <br><br>Having ads all around us seems to be unavoidable. Those ads can be well targeted at least, and that is what Google gives you. And you know what? Sometimes you actually find something useful and interesting thanks to well-targeted ads.
        JordiFenix
      • pulezze

        @babyboomer57
        you understand the word spyware? no? then please don't comment. they sell antivirus, antispam and security apps. there is no app they can sell that protects you from other apps that are spyware.

        the only one that could protect you from this threat is google, if they would curate their store and would not allow spyware apps in it. but of course they don't.

        please first try to understand the topic then post.
        banned from zdnet
      • can't you read?

        @JordiFenix

        didn't you read the article?
        when you install your app does it ask you if you allow to:

        - make calls and send text messages without the mobile user doing anything
        - place calls to any number
        - to send unknown SMS messages to premium numbers that incur expensive charges

        did you read the article or are you only to afraid that your whole "so open!" android meme is about to collapse?
        banned from zdnet
      • RE: Report: Android Apps expose private data

        @banned from zdnet

        See, as usual, you are the one that can't read.
        From the SMobile home page:

        "SMobile?s Management Console, Anti-Theft and Identity Protection and Parental Control applications provide users with complete mobile security against viruses, [b]spyware[/b] and network attacks"

        As far as even needing the protection, as several people have pointed out already, you are told before you even download an Android app what it has access to on your phone. If you don't like it, don't install it. Simple.
        babyboomer57
      • RE: Report: Android Apps expose private data

        @banned from zdnet

        To quote:
        when you install your app does it ask you if you allow to:

        - make calls and send text messages without the mobile user doing anything
        - place calls to any number
        - to send unknown SMS messages to premium numbers that incur expensive charges


        Actually Yes it does. If you go to install an app that does this big huge red letters come up and tell you that this is what the app will do. Pretty much verbatum. You can still install it if you want to. Nothing stopping you. Again this is not a problem. It does come up and tell you this. you can simply hit the back button on the marketplace and not install it. See, as an android user you have choices. Your not locked into the "We are apple and we decide what is best for you and you will love us for it" mentality.
        BOUND4DOOM