According to a new report from Bit9, more than 100,000 Android apps in the Google Play store (25 percent of more than 400,000 apps studied) pose a security risk to users.
"Security vendor Bit9 categorized these Android apps as 'questionable' or 'suspicious" because they could gain access to personal information to collect GPS data, phone calls or phone numbers and much more after the user granted 'permission' to the app," writes Computerworld's Ellen Messmer. "'You have to say 'yes' to the application or it won't run,' pointed out Harry Sverdlove, Bit9 CTO."
"A significant percentage of Google Play apps have access to potentially sensitive and confidential information," Sverdlove said in a statement. "When a seemingly basic app such as a wallpaper requests access to GPS data, this raises a red flag. Likewise, more than a quarter of the apps can access email and contacts unbeknown to the phone user, which is of great concern when these devices are used in the workplace."
"For the study, Bit9 researchers compared the specific permissions used by each app with the app type, users' ratings, and the number of times the app had been downloaded, as well as the reputation of the app publisher," writes InformationWeek's Mathew J. Schwartz. "The researchers then used this information to qualify, on a per-app basis, which permissions were questionable or suspicious."
"Some 26 percent of Android apps in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data -- in many cases, whether they need it or not," writes Dark Reading's Kelly Jackson Higgins. "That's the finding from some 412,000 Android apps analyzed by Bit9. Other findings from the research: 31 percent of the apps access phone calls or phone numbers, and 9 percent employ permissions that could cost the user money, such as incurring premium SMS text message charges."