Google is taking issue with a report it says exaggerates the possible security dangers of Android applications. The report, an analysis of more than 48,000 applications, found 20 percent request permissions to access private or sensitive information that an attacker could use for malicious purposes.
Google is taking issue with a report from SMobile Systems suggesting
Google Android applications are leaving users open to identity theft.
In an analysis of more than 48,000 applications (PDF) currently available on the
Android Market, SMobile found that 20 percent request permission to access sensitive
information an attacker could use for some malicious purpose. In
addition, 5 percent of applications have the ability to place a call to any
number without requiring user intervention.
"The Android operating system and the Android Market are quickly
becoming the most widely used mobile platform and app store in the world,"
Neil Book, CEO of SMobile Systems, said in a
statement. "There are individuals and organizations out there right now,
developing malicious code designed to capture your most personal information
and use it to their advantage."
SMobile's technology uses the permissions and application requests as a basis
to judge whether or not the application is malicious. In its study, 29 of
the applications were found to request the exact same permissions as known
spyware. However, a Google spokesperson pointed out that the
permissions list gives the user the ability to prevent unauthorized
applications from doing anything malicious.
"This report falsely suggests that Android users don't have control
over which apps access their data," a Google spokesperson said. "Not
only must each Android app get users' permission to access sensitive
information, but developers must also go through billing background checks to
confirm their real identities, and we will disable any apps that are found to
Though the spokesperson could not share the number of malicious applications
removed from Android Market, Google did remove some banking applications in
2009 for violating its terms of use. According to Google, in addition to users
receiving a clear list of
permissions that they can choose to accept or decline, users are able to flag
content they deem inappropriate, or that causes problems with their devices,
for human review.
"This information helps users to decide what to download and what not
to download," the Google spokesperson said. "In case malware does end
up getting downloaded, we 'sandbox' every application on Android, meaning
we give it limited access to phone resources by default such that any
malware that appears will have limited impact."
Android is not the only mobile platform being targeted by attackers. Earlier
in June, researchers at mobile security vendor Lookout discovered attackers
targeting Windows Mobile devices with malicious applications.
"The open-source architecture that drives Android phones and the
abundance of application stores available for all smartphone devices have
allowed developers to quickly create and post thousands upon thousands of new
applications," SMobile Systems CTO
Daniel Hoffman said in a statement. "As a result, applications are
currently available that have the potential to cause serious harm to devices,
customers and to the broader cellular network."