App Store Apps just as vulnerable as Android apps

by Dave M. on July 30, 2010

Black Hat

The biggest hacker convention of the season, the “Black Hat Technical Security Conference”, has come and gone, and some interesting facts have bubbled to the surface. A mobile security company called “Lookout” has started a little project they call the “App Genome Project”.

The App Genome Project was created to identify security threats in the wild and provide insight into how applications are accessing personal data, as well as other phone resources. To that end, they have analyzed 300,000 apps from Apple’s App Store and Google’s Android Marketplace.

Early findings show:

  • 29% of free applications on Android have the capability to access a user’s location, compared with 33% of free applications on iPhone
  • Nearly twice as many free applications have the capability to access user’s contact data on iPhone (14%) as compared to Android (8%)
  • 47% of free Android apps include third party code, while that number is 23% on iPhone*

* Examples of third party code include code that enables mobile ads to be served and analytic tracking for developers.

Some of this information doesn’t surprise me about App Store Apps, especially iOS 4.0 apps. Apple has opened up access to much of the iPhone’s data: contacts, songs, etc. They announced this info when they announced iOS 4.0 earlier this year.

What developers do with this data is really the concern. Most developers are probably honest and if they access the data, they let the user know. However, there are clearly nefarious developers out there that try their best to get past Apple’s reviewers and get their apps in the store.

It’s becoming clearer and clearer that we as smartphone users need an unbiased third-party group that checks out these apps to make sure that they are safe for the masses, for both iOS and Android. Apple’s reviewers are clearly not capable of detecting nefarious programs; the flashlight app called Handy Light is a great example. And even though Android is open and probably being policed by other developers, the fact that a wallpaper app that sent all kinds of private user data to a server in China was downloaded between 1 and 4+ million times before it was removed shows that there is definitely a need for some kind of review from an unbiased third party.

Until something like this arrives, make sure you really need the app you are downloading when it comes to apps like wallpaper or flashlight apps. Wallpapers can be downloaded from hundreds, if not thousands, of websites on the Internets and flashlight apps are really nothing more than a white picture being displayed on your phone’s screen. Both are easy to replicate without having to pay for or download a special app.
