Many Android Apps Leaking Private Information - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile

Many Android Apps Leaking Private Information

In study of 10,000 Android apps, Dasient finds more than 800 may be compromising data.

Lookout Mobile Security Protects Android Smartphones
Slideshow: Lookout Mobile Security Protects Android Smartphones
(click image for larger view and for slideshow)
If you think that malware and other security vulnerabilities haven't hit the Android smartphone platform yet, think again.

That's the message of a forthcoming talk that will be given on mobile malware threats by Dasient CTO Neil Daswani at the Black Hat conference in Las Vegas July 30 - Aug. 4.

Daswani will reveal the full results of a study conducted by anti-malware service provider Dasient, which has analyzed some 10,000 applications on the Android platform to determine their rate of infection and vulnerability to security attacks.

The study offers some sobering results on the rapid growth of malware on mobile devices, particularly the Android. The number of malware samples Dasient has detected on mobile devices has doubled in the past two years, Daswani says.

In the study, Dasient analyzed the live behavior of Android apps to determine their security posture. Of the 10,000 applications evaluated, more than 800 were found to be leaking personal data to an unauthorized server, Daswani says.

In addition, the researchers found that 11 of the applications were sending potentially unwanted SMS messages out to other smartphones--the mobile version of spam, Daswani says.

"Some of these applications, once started, were sending premium SMS messages," Daswani says. "The user ends up paying for those messages, and they can be pretty expensive. It's sort of like the old 900-number scams, where if you called once, your phone would continue to incur the charges over and over again."

These scams are likely to continue until mobile network service providers and device makers work out conventions on how to handle marketing and sales messages on SMS, Daswani predicts. In some cases, legitimate application providers are simply initiating SMS communications without the user's consent, because there aren't any rules yet that require such consent, he notes.

The study also reveals the results of a forensic analysis of Android apps, which already have been infected earlier this year with the Droid Dream malware and again last month with Droid Dream Lite. In the study, Dasient found many other instances of malware that attempts to take over control of the device at the root level, and even seeks to spread to other devices in a worm-like fashion.

Read the rest of this article on Dark Reading.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll