Insecurity and Spyware Among Android Apps in the Android Market
by Antonio Wells
Jun 23, 2010 7:36 AM
In a threat analysis report published by SMobile Systems, findings show that about 20% of Android applications allow access to private data that could possibly be used maliciously. This is a real eye-opener: some apps request many permissions upon download, some of which do not seem necessary, but when the full feature set of the app is examined, those permissions are justified. The key takeaway from this report is that a small number of apps on the Market are purposely malicious, yet that is still an issue of frightening concern.
Key Findings from the Threat Analysis:
- One in every five applications requests permissions to access private or sensitive information that an attacker could use for malicious purposes.
- One out of every twenty applications has the ability to place a call to any number without interaction or authority from the user.
- 29 applications were found to request the exact same permissions as applications that are known to be spyware and have been categorized and detected as such by SMobile’s solution.
- 8 applications explicitly request a specific permission that would allow the device to brick itself, or render it absolutely unusable.
- 383 applications were found to have the ability to read or use the authentication credentials from another service or application.
- 3% of all of the Market submissions that have been analyzed could allow an application to send unknown premium SMS messages without the user’s interaction or authorization.
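A check of this kind can be run against a single app before installing or approving it. The following is an added example, not code from the SMobile report: it reads a manifest already decoded to text and groups the requested permissions by the finding categories above. The mapping of categories to permission names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the report's finding categories to Android
# permission names; the report's own criteria are not given on this page.
RISK_CATEGORIES = {
    "places calls without user interaction": {"android.permission.CALL_PHONE"},
    "sends SMS without user interaction": {"android.permission.SEND_SMS"},
    "can brick the device": {"android.permission.BRICK"},
    "reads or uses account credentials": {
        "android.permission.USE_CREDENTIALS",
        "android.permission.AUTHENTICATE_ACCOUNTS"},
    "reads private data": {
        "android.permission.READ_CONTACTS",
        "android.permission.READ_SMS",
        "android.permission.ACCESS_FINE_LOCATION"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}

def audit_manifest(manifest_xml):
    """Map each matched risk category to the permissions that triggered it."""
    perms = requested_permissions(manifest_xml)
    return {category: sorted(perms & risky)
            for category, risky in RISK_CATEGORIES.items()
            if perms & risky}

# Constructed sample: a hypothetical flashlight app asking for far more
# than its feature set would suggest.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.CALL_PHONE" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <application android:label="Flashlight" />
</manifest>"""

if __name__ == "__main__":
    for category, perms in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

A match only shows that a permission was requested; whether it is justified still depends on the app's full feature set.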
This is the curse that comes with the rapidly growing gift of Android: due to the open nature of Google’s Android Market and its lack of a vetting process, vulnerabilities can be exploited. The user community is left to call out inappropriate activities. What are your thoughts on the issue? Comment below.
[Source SMobile Systems via Read Write Web]