Google Says Android App Security Report Flawed
Google is taking issue with a report from SMobile Systems suggesting Google Android applications are leaving users open to identity theft.
In an analysis of more than 48,000 applications (PDF) currently available on the Android Market, SMobile found that 20 percent request permission to access sensitive information an attacker could use for some malicious purpose. In addition, 5 percent of applications have the ability to place a call to any number without requiring user intervention.
"The Android operating system and the Android Market are quickly becoming the most widely used mobile platform and app store in the world," Neil Book, CEO of SMobile Systems, said in a statement. "There are individuals and organizations out there right now, developing malicious code designed to capture your most personal information and use it to their advantage."
SMobile's technology uses the permissions and application requests as a basis to judge whether or not the application is malicious. In its study, 29 of the applications were found to request the exact same permissions as known spyware. However, a Google spokesperson pointed out that the permissions list gives the user the ability to prevent unauthorized applications from doing anything malicious.
"This report falsely suggests that Android users don't have control over which apps access their data," a Google spokesperson said. "Not only must each Android app get users' permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."
"This information helps users to decide what to download and what not to download," the Google spokesperson said. "In case malware does end up getting downloaded, we 'sandbox' every application on Android, meaning we give it limited access to phone resources by default such that any malware that appears will have limited impact."
Android is not the only mobile platform being targeted by attackers. Earlier in June, researchers at mobile security vendor Lookout discovered attackers were targeting Windows Mobile devices with malicious applications.
"The open-source architecture that drives Android phones and the abundance of application stores available for all smartphone devices have allowed developers to quickly create and post thousands upon thousands of new applications," SMobile Systems CTO Daniel Hoffman said in a statement. "As a result, applications are currently available that have the potential to cause serious harm to devices, customers and to the broader cellular network."