November 5, 2012
26 Percent Of Android Apps Access Personal Data
Lee Rannals for redOrbit.com - Your Universe Online
They found that 26 percent of the apps analyzed can access users' personal data, including contacts and emails.
"A significant percentage of Google Play Store apps have access to potentially sensitive and confidential information," said Harry Sverdlove, chief technology officer for Bit9.
The company said it focused on Google Play applications because more smartphones today run Android than any other operating system.
Criteria for defining an application as "questionable" or "suspicious" included the permissions requested by the application, categorization of the application, user rating, number of downloads, and the reputation of the application's publisher.
During the examination, Bit9 found that 72 percent of the apps used at least one potentially risky permission.
The company also found that 42 percent of applications access GPS location data, and 31 percent access phone calls or phone numbers.
Bit9 said that out of the 400,000 apps analyzed, 9 percent use permissions that can cost the user money.
"When a seemingly basic app such as a wallpaper requests access to GPS data, this raises a red flag. Likewise, more than a quarter of the apps can access email and contacts unbeknown to the phone user, which is of great concern when these devices are used in the workplace," Sverdlove said.
Bit9 also conducted a survey of IT security decision makers who collectively influence mobile device usage policy for more than 400,000 employees. In this survey, almost three quarters said their organization allows employees to bring their own device to work and access company email, calendar and scheduling.
Of the IT security decision makers surveyed, 78 percent said they feel phone markers do not focus enough on security.
Only 24 percent of companies employ any sort of application control or monitoring to know what applications are running on employees' mobile devices.
"While the majority of organizations allow employees to bring their personal devices to work and connect to the company network, the organizations have little visibility into the privacy and security risks the mobile applications on the devices pose to the companies' networks," Bit9 said in a press release.