Sign in with
Sign up | Sign in

Study: Be Mindful of Your Android App Permissions

By - Source: Tom's Guide US | B 23 comments

While iPhone users are busy worrying about Apple's latest admission that it can share your precise location with its partners, Android users are being warned to keep an eye on the permissions of the apps they download.

A new report claims that as much as a fifth of all Android applications allow a third-party application access to sensitive or private information. CNet reports that a recent report from security firm SMobile Systems says five percent of 48,000 downloadable apps in the Android marketplace can place calls to any number without the user doing anything and 3 percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges.

SMobile Systems' report says 5,783 applications in the Market request three or more notable permissions with notable permissions being ones that grant access to personal identifying information, location or service that could be used maliciously. Twenty-nine applications were found to request the exact same permissions as known spyware (and have been categorized and detected as such by SM), eight applications explicitly request a specific permission that would allow the device to brick itself, or render it absolutely unusable. 

"Just because it's coming from a known location like the Android market or the Apple App store doesn't mean you can assume that the app isn't malicious or that there is a proper vetting process," Dan Hoffman, Chief Technology Officer at SMobile Systems, is quoted as saying.

Spyware is becoming more of a problem as the smartphone market continues to grow at a rapid rate. With these kinds of devices becoming more affordable and all kinds of people developing applications, it's hardly surprising that some people are developing apps to harvest information on the sly.

Check out the report for yourself here (pdf warning).

[Updated at 09:15 PT to better reflect the SMobile report and to include comments from Google] Google's Jay Nancarrow has refuted the claims made by SMobile Systems, highlighting the fact that Android users must give an app permission to access any and all information. Nancarrow also states that all devs must go through billing background checks to confirm their identities and any apps deemed to be malicious are removed.

"This report does not signal any security issues in Android. It falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."

SMobile Systems concedes the vast majority of apps developed for Android are safe, but goes on to warn that users have no way of knowing if an app is only doing what it's supposed to.

It seems the biggest problem SMobile Systems has is that a lot of people just click 'accept' when Android notifies them of the access certain applications require.

"The fact remains that there is no means available for a user to know for sure that the app the user just downloaded is doing only what the user sees it doing. One must look at the permissions requested to determine what the applications true capabilities might be."

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 24 Hide
    Anonymous , June 24, 2010 2:50 AM
    Jane,

    I'm with the Google Communications team. This report does not signal any security issues in Android. It falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.

    I would appreciate it if you would update your article. You will also probably be curious to note the changes that have been made to the CNET article you cite.

    Jay Nancarrow
    Google Communications
  • 16 Hide
    Anonymous , June 24, 2010 2:00 AM
    Rain maker makes rain...

    Much better analist of the situation.
    http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=225701214&cid=RSSfeed_IWK_News

    It amazes me how every 1/2 assed online tech writer just repeats the crap they read somewhere else.
Other Comments
  • -9 Hide
    the_krasno , June 24, 2010 1:23 AM
    The fault is of Google for not properly supervising the Android marketplace, and then of the customer for not reading the damn EULA before installing unknown software.
  • Display all 23 comments.
  • 16 Hide
    Anonymous , June 24, 2010 2:00 AM
    Rain maker makes rain...

    Much better analist of the situation.
    http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=225701214&cid=RSSfeed_IWK_News

    It amazes me how every 1/2 assed online tech writer just repeats the crap they read somewhere else.
  • 0 Hide
    matt314 , June 24, 2010 2:19 AM
    ^+1
  • 1 Hide
    skeetercus , June 24, 2010 2:24 AM
    In other news, Windows computers are boring and every one of them comes with millions of viruses pre-installed. I swear, I saw it in a commercial made my Apple, a completely independent third party company with no vested interest in portraying Windows PCs in a negative light.

    Seriously, this is now like the 20th website I've seen this same "report" (read: advertisement). Its from a company that makes anti-malware software for android (among other OS's). Of course they are going to say that android apps are all malware. How long does it really take to realize this? It amazes me to see people discussing this like its a legitimate report.
  • 24 Hide
    Anonymous , June 24, 2010 2:50 AM
    Jane,

    I'm with the Google Communications team. This report does not signal any security issues in Android. It falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.

    I would appreciate it if you would update your article. You will also probably be curious to note the changes that have been made to the CNET article you cite.

    Jay Nancarrow
    Google Communications
  • 1 Hide
    j51 , June 24, 2010 3:04 AM
    Thanks Jane!!!

    I guess.... there is no smartphone that is safe.. unless we stay with the one that nobody use it...lol

    Though some common sense definitively help.. but to be honest.. quite a few app did do a good job to make us believe it is real... like the famous Bank of America app for Android...


  • 1 Hide
    wintermint , June 24, 2010 3:08 AM
    Why give the stats to Android and then later mention Apple w/o giving their stats? Sounds bias here...
  • 6 Hide
    j51 , June 24, 2010 3:11 AM
    ekeefe41Rain maker makes rain...Much better analist of the situation.http://www.informationweek.com/new [...] d_IWK_NewsIt amazes me how every 1/2 assed online tech writer just repeats the crap they read somewhere else.


    hmm... thanks for providing the story from another side (google).

    However, just like I do not believe everything Apple said... I do not believe 100% what Google says too.

    Just like the article you have point out... even the author said

    "The doubling of malware and spyware in the last six months is significant," he said. "

    No matter it is 1 out of five or not... the danger is definitively there.

    People just need to stay on the common sense more and well.. download and pray...:p 

  • 2 Hide
    j51 , June 24, 2010 3:14 AM
    wintermintWhy give the stats to Android and then later mention Apple w/o giving their stats? Sounds bias here...


    Remember ... Apple has a "big brother" there... "nobody are suppose to steal your information.... unless is from me!!"...;)

    lol
  • 0 Hide
    brando56894 , June 24, 2010 3:32 AM
    At first I though this was going to be something about spyware and such but its info that every android user knows since when you install an app it tells you what parts of the OS it has access to and what it will be able to do! Wave secure can send "hidden" text messages, does that make it malware? Umm no, its one of the best android security apps out there!
  • 1 Hide
    JonnyDough , June 24, 2010 3:56 AM
    I had a Droid, but when its calling people that are on my friend's contact list on the same plan...and every simple game I install has access to things like my contact list...I start to take issue. I'm sorry but its Verizon or Google's fault, but that phone I can tell you has some major issues with security.
  • 0 Hide
    photoguru , June 24, 2010 6:28 AM
    Next up: Tinfoil underwear and carbon credits
  • 2 Hide
    Saljen , June 24, 2010 6:37 AM
    Lol. Let's see the same study done on the AppStore... oh wait, no one has the balls to do that... they'd have a law suit faster than they could say Frozen Yogurt.
  • 0 Hide
    eusebe , June 24, 2010 9:25 AM
    Boh,
    I think this is still nice compared to Facebook or even Apple (with their new "auto-proclamed" right to pick-up and share info on where you are using your Eye-Phone (big brother?)...
  • -1 Hide
    kartu , June 24, 2010 9:39 AM
    Pro apple bias again.

    After realizing even on Anand's site they are afraid of showing iStuff in a bad light, removing it from comparison fotos, not to demonstraty how badly they suck (contrast, for example) I am not surprised.

    PS
    http://www.dula.tv/blog/wp-content/uploads/2010/01/stone-vs-ipad.png
  • 1 Hide
    romion , June 24, 2010 10:02 AM
    @ kartu 06/24/2010 11:39 AM

    hahahahaha:) ))))) Thats funny, vvvv funny. best post
    10+
    and is true
    hahahahaha
  • 0 Hide
    theuerkorn , June 24, 2010 11:49 AM
    Amazing though how a "report" about a security risk is being brushed away by some apparent Droid fans. Apparently Apple fanboys are beaten into submission and don't use this opportunity to bash Android. At the same time all this defensive attitude is fun to watch too. (Now if it would read "Apple" instead of Android ... )

    Repeat or not, it's something to be aware of on probably every system, but the magnitude should make people think about where they place their trust. I've been thinking this many times, what if a "developer" decides to snoop out your online banking data and what else sensitive you're doing on your phone ... .
  • 2 Hide
    drksilenc , June 24, 2010 1:24 PM
    JonnydoughI had a Droid, but when its calling people that are on my friend's contact list on the same plan...and every simple game I install has access to things like my contact list...I start to take issue. I'm sorry but its Verizon or Google's fault, but that phone I can tell you has some major issues with security.

    just watch what apps you download... read what there accessing before u install. this happens on all mobile apps. google is just the first to actually warn you what there accessing
  • -4 Hide
    ecnovaec , June 24, 2010 1:38 PM
    I hate to sound like some college frat douche, but ARTICLE FAIL!
  • -1 Hide
    house70 , June 24, 2010 2:22 PM
    Jay NancarrowJane,I'm with the Google Communications team. This report does not signal any security issues in Android. It falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.I would appreciate it if you would update your article. You will also probably be curious to note the changes that have been made to the CNET article you cite.Jay NancarrowGoogle Communications

    +1000

    pwned...
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS