A recent article on TechHive.com says that free apps found in the Google Play store are three times more likely to access information found in users’ address books than paid apps.
That was one of the findings in a recent 18-month study of 1.7 million apps in the Google Play store by Juniper Networks, a network solutions company based in Sunnyvale, California.
Free apps were 314 percent more likely to access a user’s address book and 401 percent more likely to track a user’s location than paid apps, Juniper’s researchers found.
What’s more, they discovered that a significant number of applications contain permissions and capabilities to garner information from a user’s handset that’s not necessary for the functionality of the software.
“We also determined these apps had permission to access the Internet, which could provide a means for exposed data to be transmitted from the device,” Juniper security analyst Daniel Hoffman writes in a company blog.
Key findings in the study include:
24.14 percent of free apps, compared to 6.01 percent of paid ads, ask for information to track a consumer’s location.
6.72 percent of free apps, versus 2.14 percent of paid apps, want to access a user’s address book.
2.64 percent of free apps, compared to 1.45 percent of paid apps, request permission to silently send text messages.
6.39 percent of free apps, versus 1.88 percent of paid apps, request permission to secretly initiate calls in the background.
5.53 percent of free apps, compared to 2.11 percent of paid apps, asked for permission to use a handset’s camera.
Granting an application permission to secretly initiate phone calls or send SMS messages should be particularly troublesome to consumers, according to Hoffman.
“An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of a mobile device,” he said. “Similarly, access to the device camera could enable a third party to obtain video and pictures of the area where the device is present.”
Giving an app free rein to send SMS messages is not only a way to siphon information from a handset without its owner’s knowledge, the study notes, but can be used to send text messages to premium services that will line up a consumer’s phone bill and line the pockets of cybercriminals.
Juniper’s researchers said that certain categories of free apps were worse than others in leaching personal information from a handset for no apparent functional reason. Racing games are such a category. This category contains the highest number of applications that would be considered a newly discovered malware, the researchers note.
Juniper isn’t alone in recent days in its severe analysis of the Android app market. Bit9 also released a report estimating that one out of every four Android apps to be a security risk.
For its part, Google is making efforts to make the Android ecosystem more secure for consumers. For example,it was recently reported that the next version of the Google Play store app will examine all the apps on a handset to determine if any of them contain malware signatures. The app will also warn a user when they try to download an app that it thinks is bad for a handset.
We’ve talked before about the difference between Android and iOS. One of those is that Android users tend to use less apps than iOS users…and, their app purchases rank far below Apple’s mobile platform. (I actually had an Android user once say to me, as he looked through the apps on my iPhone, “You actually PAID for some of these?”)
Studies have shown that Android owners use their phones more for text messaging, games, email, photos, web surfing, etc. Why, some even use them as PHONES! (The horror!)
So, contaminating free apps with malware and the like is akin to shooting fish in a barrel.
This is one of the reasons I become so upset over the argument Android users always have: “Well, Android is sooo much better because it’s open-source. I can put whatever I want on my phone, you guys at Apple have to go through that whole App Store thing you have.”
Yes…but why would you WANT to? Some unknown app on your phone with access to your stuff that should be private is not a good idea. You wouldn’t allow an angry dog near your newborn baby, would you? The parallels are obvious.
Listen: open-source IS better…in a more perfect world. In such a place, there wouldn’t be individuals with a nefarious agenda bent on stealing things like your money and your identity. With no one to watch over them, these apps are designed to do just that.
If you are an intelligent Android user–please pay attention to this. Don’t allow your platform to be tarnished by the many who don’t care. Pass along this warning to your fellow Android users, to help protect them.
Don’t allow Android to become a “Mad Max” wasteland, full of cyber criminals.