Security solutions provider Bit9 has released a report called “Pausing Google Play: More Than 100,000 Android Apps May Pose Security Risks.” The analysis focuses on over 400,000 Android applications hosted on Google’s app market.
It turns out that 25% (100,000) of applications have exhibited some sort of suspicious or questionable behavior. That doesn’t mean they’re malicious – since, as the experts emphasize, Google does a pretty good job at keeping the market clean.
Instead, they do access more information than users might expect. Considering that these days smartphones are utilized to store all sorts of personal and corporate data, the fact that some apps access more than they should might be problematic in certain cases.
Other key findings reveal that 72% of Android apps access at least one permission that can be catalogued as high-risk.
Experts highlight that the problem isn’t about what permissions an app requests, but it’s whether those permissions make sense.
“For example, it is less suspicious for a social media app to have access to email contacts than it is for a wallpaper app to do the same,” Bit9’s Harry Sverdlove explained in a blog post.
The report is also based on a survey that targeted the decision makers responsible for mobile policies. 71% of them said the organizations they worked for allowed their employees to bring their own devices and connect them to the company’s network.
Furthermore, 96% of respondents admitted that employees could access company email from their own devices. A majority of them (84%) believe that iOS is much more secure than Android.
“The risk for IT security departments is not just in losing primary control over data stored on (or transmitted from) a smartphone. Mobile data, such as contacts and emails, can be easily used to launch more sophisticated spear-phishing or other targeted attacks directly against traditional desktop and laptop systems,” Sverdlove added.