June 23, 2010 | by Jorge Parrales
A recent threat analysis report conducted by security firm SMobile Systems concluded that as many as one-fifth of all applications in the Android Market allow a third-party application to have access to some or all of your sensitive information. The level of vulnerability can range greatly, as some applications could access the contents of your email and text messages, while others could even make phone calls or send text messages to any number without needing the user’s authorization.
More than 48,000 applications’ permissions information were analyzed in this report. It was determined that 3 percent of the applications could send texts to premium numbers that incur expensive charges. 383 applications were found to have the ability to use the authentication credentials from another service or application. And eight of the applications analyzed actually request a specific permission that allows the phone to brick itself, making it completely unusable.
The discussion on safety in the Android Market has been going on for a long time, thanks in large part to the frustrating security model that relies on the community to identify malware. This process requires a certain number of users to download and use an application before [hopefully] identifying the malicious nature of the program and THEN reporting it to the market.
It should be noted that the vast majority of these applications are not remotely malicious, and most of them actually need the access to some sensitive information to do what you want them to do. The more important thing to take away from this is that you should be more aware about what permissions these applications are requesting from you and whether or not they actually need that. For example, a soundboard application should never need access to your emails or texts or to your phone’s location.
It is also worth noting that SMobile Systems actually sells its own security software, so they have incentive to strike fear in the minds of android users. But what they are saying is worth paying attention to, and though I personally have not used their security software, I can’t imagine it would be a bad thing to do.
If you would like to read more of the report, you can find it through this link.