android-fail3

Report: Android apps expose private data

June 23, 2010 - Written By Chris Yackulic

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

And some of the apps were found to have the ability to do things like make calls and send text messages without the mobile user doing anything. For instance, 5 percent of the apps can place calls to any number and 2 percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges, security firm SMobile Systems concluded in its Android market threat report.

Meanwhile, dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mails and text messages, phone call information, and device location, said Dan Hoffman, chief technology officer at SMobile Systems.

“Just because it’s coming from a known location like the Android market or the Apple App store (with the iPhone) doesn’t mean you can assume that the app isn’t malicious or that there is a proper vetting process,” he said.

There is not always a good way to check up on the reputation of the developers of apps; many developers use aliases or don’t have information linking to a company Web site. For those who want to download apps without having to worry there is antispyware software from SMobile Systems and others.

“There are known spyware apps that are on the market,” Hoffman said. “It’s a growing problem.”