South Korean security firm AhnLab recently reported that many leading Android apps request excessive permissions to access user data.
The company analyzed 178 top-rated Android apps, checking their permissions in five key areas: personal information access, service information access, location information access, service charging and device information access.
According to AhnLab, 42.6 percent of the apps required excessive permissions for device information access, 39.3 percent required excessive permissions for location information access, 33.1 percent required excessive permissions for personal information access, and 8.4 percent required excessive permissions for service charging. None of the apps were found to require excessive permissions for service information access.
The company says these kinds of excessive permissions can allow malicious hackers to steal mobile banking information, clone a smartphone, stalk a user, or deliver unwanted pay-per-use services.
"As many users [select] Android based smartphones, the number of malicious codes which target personal information or payment information is also increasing," AhnLab Security E-response Center director HoWoong Lee said in a statement. "This kind of malicious behavior can be even more dangerous when it comes to stealing the banking data. It is very hard for the victims to notice the malicious behavior as it is run behind the normal application."
"But having legitimate applications access more data than they require would appear to be quite common," notes InformationWeek's Mathew J. Schwartz. "That goes not just for legitimate Android apps, as well as malware, but also for iOS apps. Many social networking applications, including Path and Hipster, were called out earlier this year over revelations that they sent unencrypted copies of iOS users' address books back to their servers."