Free Android Apps can Take Control

Monday, November 5, 2012 @ 10:11 AM gHale

The more you hear about them, mobile apps really do make connections much easier, but free applications do come with a high privacy and security risk, new research said.

An audit of 1.7 million applications on the Android market found free applications are five times more likely to track user location and 314 percent more likely to access user address books than paid counterparts, according to the report by Juniper Networks.

Be Wary of Google Play Apps
Email Signature Holes Fixed
Weak Crypto Keys Fixed
Windows Help Files an Attack Vector

Almost one in four (24.1 percent) free apps requires permission to track location, while only 6 percent of paid apps request this ability. In addition, 6.7 percent of free Android apps have permission to access user’s address book, a figure that drops to 2.1 percent for paid apps.

One common assumption is free apps collect information in order to serve ads from third-party ad networks. While this is true, Juniper found the percentage of apps with the top five ad networks (9 percent) is much less than the total number tracking location (24.1 percent).

Many applications solicit personal information or perform functions not needed for the apps to work. The lack of transparency about who is collecting information and how they use it poses a long term threat for the development of the mobile applications marketplace.

Some apps request permission to clandestinely initiate outgoing calls, send SMS messages and use a device camera. An application that can clandestinely initiate a phone call could silently listen to ambient conversations within hearing distance of a mobile device, Juniper said. Similarly, access to the device camera could enable a third party to obtain video and pictures, as illustrated by the recent proof-of-concept Spyware PlaceRaider 3D mapping app.

One in 40 of free apps request permission to send text messages without notifying users while 1.45 percent does that for paid apps, the research said. Meanwhile, 5.53 percent of free apps have permission to access the device camera, a statistic that drops to 2.11 percent for paid apps. And 6.4 percent of free apps have permission to clandestinely initiate background calls, a figure that drops to just 1.88 per cent for paid apps.

Certain apps categories were particularly bad for privacy, most notably racing games, which are often thinly disguised malware. Card and casino games occupy another problematic category, with the 94 percent bundling the ability to make outbound calls and 84.5 percent including the ability to silently send SMS messages.

Juniper’s research does give a comprehensive look at the state of privacy across the entire Android application environment.

“The analysis of the Google Play market shows the pervasiveness of mobile tracking and where apps could do a better job of disclosing why they need information up front and highlight functionality as a genuine user benefit,” Juniper’s research team said.

Leave a Reply

You must be logged in to post a comment.