A study by security company Bit9 has found that 26% (100,000) of apps on the Google Play app store (formally Android Marketplace) have been accessing user’s sensitive personal information. This includes GPS location data, phone contacts and call logs.
Bit9 methodically reviewed 400,000 apps of the reported 600,000 apps on the Play store and focused on the permissions each app requested. This represents two thirds of the marketplace. The apps were ranked based on reputation. For example, a game by a high profile publisher that asked for little permission had high reputation whereas a wallpaper by a relatively unknown publisher asking for many permissions was classed as suspicious.
The study found that of the 100,000 apps that posed a threat;
• “72% of all Android apps (more than 290,000) access at least one high-risk permission.”
• “42% had access to GPS location data”
• “31% had access to phone calls or phone numbers”
• “26% have access to personal information”
• “9% use permission that can cost money”
• “1% have access to account information”
The difference between the Play Marketplace and Apple’s counterpart is that the Play store is much more open. This means that apps on the Play Marketplace go through less testing than apps on Apple’s App Store. The result of this being that it is a lot easier to get malicious software onto an Android device making it the ideal breeding ground for hackers.
While the Play Marketplace is good, offering hundreds of thousands of apps for free, which may otherwise cost you money on competitor’s stores, this study may make you double check precisely what permissions you are giving next time you download that fancy new wallpaper, for example.
You can read the full report by Bit9 here.