Analysis: Popular Android Apps Access More Information than Needed

Type threatpost
Reporter Anne Saita
Modified 2013-04-17T16:32:20


Android informationA South Korean security provider says it’s uncovered popular Android apps that want more information than is required, putting users at risk.

AhnLab, Inc., headquartered in Seoul, analyzed 178 of the best-rated Android applications using its cloud-based app security analysis tool, ranking each app on a scale of 1 to 100 in degree of risk. Any app receiving 60 or above was classified as malicious across five different access categories: personal information, service information, location information, service charging and device information.

The company doesn’t mention which Android app list it used to determine which were most popular, but anyone who closely follows mobile security will not be surprised by their findings. With 300 million Android devices as of February, it’s is a favorite target for malware developers. And mobile security in general is becoming a top issue for global security executives challenged by the number of devices belonging to employees, customers and business partners trying to access internal servers.

According to the data extracted by AhnLab’s analyzer, 42.6 percent of all apps examined require excessive permissions for device information access. Almost 40 percent ask for excessive permissions for location information access, putting victims at risk of stalking, while 33 pecent required personal information be divulged to access the app. Service charging excesses were a distant 8.4 percent, and none of the apps appeared to require excessive service information data.

“As many users selects [sic] Android-based smartphones, the number of malicious codes which target personal information or payment information is also increasing,” said HoWoong Lee, director of the AhnLab Security E-response Center, in a prepared statement. “This kind of malicious behavior can be even more dangerous when it comes to stealing the banking data. It is very hard for the victims to notice the malicious behavior as it is run behind the normal application.”

The same day AhnLab released its findings, another site was warning Pinterest fans to beware of scams perpetuated by tricking the social networks’ users into downloading fake Android apps. The site to date has released only an iPhone app, according to PC Magazine. These fake apps display ads on a device’s notification bar and may have access to the user’s browser history and bookmarks and possibly location, according to Gotta Be Mobile.

The scams gain traction each time so-called free offers are pinned by their friends.