26 percent of apps on Google Play access user data: Bit9 research
| by Anuradha Shetty |
Be careful the next time you hit download on any app on the Google Play store. An analysis of over 400,000 apps on the Google Play store by Bit9 has led it to classify more than 100,000 apps -- 26 percent of the apps analysed -- as “suspicious” or “questionable”. In its research report following the analysis, Bit9 shared that 26 percent of the apps on the Google Play were found to be adept at accessing users' personal data, including contacts and email.
The company “surveyed IT security decision makers responsible for the mobile device usage policy for more than 400,000 employees”. 71 percent of the organisations surveyed allowed its employees to bring their own device (BYOD) to work; only 24 percent put into effect application monitoring or control to let them gauge the applications its employees were using on their mobile devices.
Check before you download an Android app
Google Play applications were covered in this research, since it has been found that more smartphones today run Android than any other operating system.
Apps were referred to as “questionable” or “suspicious” based on these criteria: permissions requested by the application, categorisation of the application, user rating, the number of downloads, and the reputation of the application’s publisher. While examining 400,000 Android apps on the Play store, Bit9 found that almost 72 percent of the apps use at least one high-risk permission. 42 percent of the surveyed applications, including wallpapers, games and utilities, accessed GPS location data. Another 31 percent were found to access phone calls or phone numbers, and 26 percent of the apps accessed personal data, such as contacts and email. Nine percent of the apps were found employing permissions use that could cost the user money.
“A significant percentage of Google Play apps have access to potentially sensitive and confidential information,” said Harry Sverdlove, chief technology officer for Bit9. “When a seemingly basic app such as a wallpaper requests access to GPS data, this raises a red flag. Likewise, more than a quarter of the apps can access email and contacts unbeknown to the phone user, which is of great concern when these devices are used in the workplace.”
Elaborating further on its survey of IT security decision makers, who influenced mobile device usage policy for more than 400,000 employees, Bit9 shared that roughly three quarters of those surveyed admitted to being to carry their own device to work and access company email, calendar, and schedulers. Bit9 concluded that this was a risky decision considering the rather high percentage of applications it found with access permissions to these programs.
Bit9 shared that among the IT security decision makers surveyed, 78 percent feel phone makers did not focus enough on security, 71 percent allowed its employees to bring their own smartphones to the workplace.
Security featured prominently when deciding whether to allow employees to bring their personal devices to work for 68 percent of those surveyed.
A measly 24 percent of the companies were found to employ application control or monitoring to gauge the applications are running on employees' mobile devices. Only 37 percent of those surveyed were found to have deployed malware protection on employee-owned devices, and 84 percent of respondents believed iOS to be more secure than Android.
The survey, in its conclusion, shared that while most organisations allowed its employees to carry their personal devices to work, they had little access into the privacy and security risks the mobile applications on the devices pose to the companies' networks. These set-ups (BYOD policies) mostly rely on convenience rather than on security - serving as a wake-up call to organisations to safeguard their intellectual property.
Tags: Android applications , Android market , Bit9 research , research , cyber security , Google Play store , Android apps , Android , Google Play apps , BYOD policies , iOS , Android OS , app permissions , user data