Digital security company Bit9, which describes itself as the global leader in advanced threat protection, says more than a quarter of the Android applications it analysed may pose security risks to users. It points out this could have particularly serious implications for the growing ‘bring your own device’ (BYOD) trend within businesses.
More than 400,000 apps in the Google Play marketplace were analysed by Bit9, which looked at the permissions requested by these applications.
Of the apps analysed, 31% had access to phone calls or phone numbers, 26% had access to personal information such as contacts and email, 9% accessed phone features that could cost money and 1% had access to account information.
Overall, 72% of apps were found to use at least one ‘high risk’ permission and 25% of apps were described by Bit9 as ‘questionable’ or ‘suspicious’. The rating was based on the age of the application, its popularity, the number of updates since launch, the reputation of the publisher and the permissions requested when compared with other similar apps.
Harry Sverdlove, chief technology officer for Bit9, said: “A significant percentage of Google Play apps have access to potentially sensitive and confidential information. When a seemingly basic app such as a wallpaper requests access to GPS data, this raises a red flag. Likewise, more than a quarter of the apps can access email and contacts unbeknown to the phone user, which is of great concern when these devices are used in the workplace.”
Bit9 also conducted a survey of IT staff involved in mobile device usage policy. 71% said their organisation allowed employees to use their own mobile devices to access company email, calendar and scheduling. However, just 37% were using malware protection and only 24% of companies used any form of monitoring to check the applications that were running on employees’ mobile devices.
As a result, organisations without appropriate BYOD management could be introducing privacy and security risks to their networks and their information via malicious mobile applications.