The researchers have already collected more than 1,200 malware samples.
Clueful warns users if other apps on their iPhones are tracking their location, reading their address book, and more.
The researchers say the vulnerability could allow attackers to deliver malicious content to smartphone users.
The FBI says travelers are being targeted through pop-up windows when they connect to the Internet in hotel rooms.
The researchers say this appears to be the first time hacked Web sites are being used specifically to target mobile devices.
According to AhnLab, fully 42.6 percent of apps require excessive permissions for device information access.
The companies will work together on research and development, and will make Lookout's security app available to Deutsche Telekom's customers.
The proof-of-concept malware uses the device's motion sensors to steal passwords and other user data.
The malicious apps are being offered on Web sites that mimic the official Instagram site.
The operating system scored well for its security, authentication, device wipe functionality, firewall and virtualization.