Phones

Many Harmful Android Apps Wear a Friendly Face, Study Warns

PCs have been the victims of malware, spyware, and viruses since their inception. Why would mobile devices be any different? Since smartphones are, essentially, becoming mini-computers, a warehouse of open-source applications is a prime target for even amateur hackers.

Android, the open source, free platform launched by Google for mobile devices, allows developers to create applications regulated only by the community, which means no formal screening process monitors the many applications that become available every day. In other words, it's up to the users and the open-source community to locate, detect, and report potential threats.

Many of these threats are disguised behind innocent, seemingly harmless applications, according to SMobile Systems, a security vendor. Its study, "Threat Analysis of the Android Market," warns that of the 48,694 available Android applications, one in five requests permission to access private or sensitive information, and one in 20 provides a feature for the smartphone to make calls to any number without user interaction or authority.

This could be potentially devastating to a company communicating sensitive or classified information via text messages, such as stock data, dynamic password authentication, competitive purchasing, or buyouts.

The SMobile study also identified existing, available applications that mimicked permissions used by other spyware, apps that rendered the device unusable, and apps that could read and use unauthorized authentication credentials.

Google is reportedly taking issue with SMobile's conclusions, and promised to disable apps outed as malicious. I don't necessarily agree with SMobile that fully 20 percent of the Android apps are outright malware. After all, SMobile is in the business of selling security products for smartphones. But, users should take precautions to protect their privacy and the security of those they communicate with.

Android requires developers to provide application permissions, which users can modify and set, to some degree, based on the app, but not all users understand the programming terminology. In fact, some permissions that are meant to prevent attacks can actually be used against the user.

If your colleagues and employees freely download Android apps, a serious review of your mobile devices' security and a reliable, security protection program would be a worthy investment, especially if the smartphones have access to the company's intranet or servers.

Before installing new apps, it would be wise for you to check the Internet, Google, and the Android Web site for alerts and warnings about specific, malicious programs that could pose threats to your smartphone security.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Best of PCWorld Newsletter

Comments