Lookout Says Beware of Android and iPhone Apps

Lookout, one of the major developers in smartphone security, just announced the App Genome Project, created to study mobile applications in order to identify security threats and verify how applications are accessing personal data and other phone resources.

The App Genome Project plans to study almost 300,000 applications, which were already scanned. Nearly 100,000 application from the total are already fully mapped and early findings show differences in the sensitive data that is typically accessed by Android and iPhone applications.

“The App Genome Project is an important step in securing our mobile phones against threats. With a real time database, we can quickly identify threats in the wild and swiftly move to protect consumers,” said John Hering, CEO of Lookout. “Early results point to the need for developers to be more aggressive about protecting consumers’ personal information, including what information is accessed, what is sent off the phone and how it is stored.”

Here are some of the early findings showing differences in the sensitive data which is being accessed by Android and iPhone applications:

29% of free applications on Android have the capability to access a user’s location, compared with 33% of free applications on iPhone;
Nearly twice as many free applications have the capability to access user’s contact data on iPhone (14%) as compared to Android (8%);
47% of free Android apps include third party code, while that number is 23% on iPhone.

“The ability for applications to easily access personal data has opened up a world of possibilities for mobile applications, but also places a greater burden of responsibility on both developers and users,” said Kevin Mahaffey, CTO of Lookout and co-author of the study. “As we continue building the App Genome Project, we’re committed to providing the insight about mobile applications necessary to keep phones and sensitive information safe.”

Announced at the Black Hat security conference this week, the App Genome Project plans to release the full findings of Lookout's security researchers, and will also try to demonstrate the new vulnerabilities caused by inadvertent developer practices and platform issues.