EDGE 2015 is starting in

Find out more EDGE 2015
Menu
Study finds 25 per cent of Android apps to be a security risk

Study finds 25 per cent of Android apps to be a security risk

A review by Bit9 of Android Apps in the Google Play market found over 100,000 that are "questionable" or "suspicious"

According to a new report from Bit9--a security vendor with a focus on defending against advanced persistent threats (APT)--there is a one in four chance that downloading an Android app from the official Google Play market could put you at risk. Bit9 analyzed 400,000 or so apps in Google Play, and found over 100,000 it considers to be on the shady side.

Does that mean that the sky is falling, and everyone with an Android smartphone or tablet should abandon it immediately? No. The research by Bit9 illustrates some issues with app development in general, and should raise awareness among mobile users to exercise some discretion when downloading and installing apps, but it's not a sign of any urgent crisis affecting Android apps.

The report from Bit9 isn't about apps that contain malware, or are even overtly malicious for that matter. Bit9 reviewed the permissions requested by the apps, and examined the security and privacy implications of granting those permissions. The reality is that many apps request permission to access sensitive content they have no actual need for.

Bit9 says that 72 percent of all Android apps in the Google Play market request access to at least one potentially risky permission. For example, 42 percent request access to GPS location data, 31 percent want access to phone number and phone call history, and 26 percent ask for permission to access personal information. Bit9 discovered 285 apps that use 25 or more system permissions.

In addition to analyzing the apps in Google Play, Bit9 also surveyed IT decision managers about the mobile usage and security policies in place. The survey found that 71 percent of organizations allow employee-owned devices to connect to the company network, and 96 percent of those allow employees to access company email from a personal mobile device.

When you combine the two--the number of potentially risky apps, and the access companies grant personal mobile devices--it represents a security concern for organizations. When an employee allows an app to access sensitive information on a mobile device that is connected to the company network or email, it could expose customer, employee, or other company-owned data to the app.

Again, it's possible that all of the "offending" apps are legitimate, and that none of them pose any significant security risk. The issue is that apps with access to personal information and sensitive data have the potential to be a security risk--either intentionally or inadvertently--and many apps don't have a valid need for the access.

Keep in mind that the issue is not limited to Android. The Bit9 report focuses on Google Play and Android apps, but the problem stems from poorly developed apps, and users who blindly accept whatever permissions are requested without considering the implications.

Use caution. Next time you download some arcade game app, think twice about whether it really needs access to your GPS location data. If you download a music playing app, ask yourself if it really needs permission to access all of your contacts and personal information. Make sure you know what permissions you are granting before you tap to accept them, and don't install apps that require questionable or suspicious access to your device.

EDGE 2015:: For all the latest on EDGE 2015 including the keynote speakers visit the EDGE mini-site now

2015 ARN ICT Industry Awards: Nominations for the 2015 ARN ICT Industry Awards close on June 26. NOMINATE NOW!!!

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags consumer electronicsappsGooglesecurityBit9smartphonesAndroidbusiness security

Upcoming

Slideshows

In Pictures: Robots that cook, clean, sing and dance
Tech Hive

In Pictures: Robots that cook, clean, sing and dance

Cooking, learning language and doing the laundry are a few of the human skills demonstrated by.real humanoid bots featured in the National Geographic movie Robots.

In Pictures: Robots that cook, clean, sing and dance
IN PICTURES: OKI Data Australia partner event (+10 photos)
Business Products

IN PICTURES: OKI Data Australia partner event (+10 photos)

OKI recently hosted its ChannelOne dealer forum for its executive series channel partners to get together and learn about the company's new high-performance ES8400 A3 multifunction series printers. After a welcome and business overview from OKI Data Australia managing director, Dennie Kawahara, delegates were given a comprehensive overview of the new product, as well as an update on the latest marketing initiatives and software solutions, before being treated to live demos and a product showcase. Partners were also given a preview of OKI’s upcoming A3 digital LED white toner printer. With more than 60 delegates attending from all over the country, the day concluded with dinner at Casa Ristorante Italiano in Sydney and several delegates also participated in a friendly game of golf the following morning.

IN PICTURES: OKI Data Australia partner event (+10 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments