A quarter of the more than 400,000 Android apps examined in the Google Play online store represent a security risk for users of the operating system, according to a new survey.
The security vendor Bit9 categorized these apps as “questionable” or “suspicious” because, once the user has granted “permission” to the app, they could gain access to personal information, collecting GPS data, calls or phone numbers and more. “You have to say ‘yes’, otherwise the application will not work,” said the CTO of Bit9.
Games, entertainment and wallpaper applications, in particular, seem to want to collect this data, even though their functions have little direct use for it.
Bit9 emphasized that this does not necessarily mean that these apps are malware in themselves, but they can cause damage if compromised, because users have granted them the permissions to do so.
There are known to be 600,000 applications on Google Play and, according to Sverdlove, Bit9 is now compiling a “reputation” database of Android apps. The company will also carry out the same process with other app stores, including Apple and Amazon, to create mobile security products that can protect users based on risk scoring of apps.
Reputation-based approaches have become commonly used throughout the security industry to protect Web users against, for example, sites infected by malware, and now there is interest in applying similar procedures to analyze the risk associated with mobile applications.
Bit9 categorized these “questionable” and “suspect” Google Play applications as follows:
- 42% access GPS location data, and these include wallpaper apps, games and utilities;
- 31% access calls or phone numbers;
- 26% access personal data such as contacts and emails;
- 9% charge for usage permissions.
In its report, Bit9 described its methodology as crawling Google Play for detailed information about the 412,000 mobile applications, including developer, popularity, user rating, category, number of downloads, requested permissions and price.
Of the 412,222 Android apps rated, the company claims that more than 290,000 access at least one high-risk permission, 86,000 access five or more, and 8,000 applications access 10 or more permissions “flagged as potentially dangerous.”
Bit9 defined the risk level according to the relative degree of privacy invasion and the feature set of the application, for instance the ability to wipe the device or change system configurations.
The study also included a survey of 138 IT professionals responsible for mobile security for more than 400,000 users in their organizations. It was found that:
- 78% think that phone makers do not focus enough on security, but 71% allow employees to bring their own devices to access the organization’s network;
- Only 24% implement some form of app monitoring or control granting visibility into employees’ devices;
- 84% think that iOS is “safer” than Android and 93% of respondents allow iOS devices to access their network. Only 77% allow the use of Android devices and, surprisingly, 13% say they allow rooted Android devices (with owner privileges on the system) or unlocked (jailbroken) iPhones on their networks;
- 96% of those who allow the use of personal devices also allow employees to access email using the device, while 85% only allow access to company calendar data.