Mobile
News
7/20/2011
08:45 AM
Connect Directly
RSS
E-Mail
50%
50%

Many Android Apps Leaking Private Information

In study of 10,000 Android apps, Dasient finds more than 800 may be compromising data.

Lookout Mobile Security Protects Android Smartphones
Slideshow: Lookout Mobile Security Protects Android Smartphones
(click image for larger view and for slideshow)
If you think that malware and other security vulnerabilities haven't hit the Android smartphone platform yet, think again.

That's the message of a forthcoming talk that will be given on mobile malware threats by Dasient CTO Neil Daswani at the Black Hat conference in Las Vegas July 30 - Aug. 4.

Daswani will reveal the full results of a study conducted by anti-malware service provider Dasient, which has analyzed some 10,000 applications on the Android platform to determine their rate of infection and vulnerability to security attacks.

The study offers some sobering results on the rapid growth of malware on mobile devices, particularly the Android. The number of malware samples Dasient has detected on mobile devices has doubled in the past two years, Daswani says.

In the study, Dasient analyzed the live behavior of Android apps to determine their security posture. Of the 10,000 applications evaluated, more than 800 were found to be leaking personal data to an unauthorized server, Daswani says.

In addition, the researchers found that 11 of the applications were sending potentially unwanted SMS messages out to other smartphones--the mobile version of spam, Daswani says.

"Some of these applications, once started, were sending premium SMS messages," Daswani says. "The user ends up paying for those messages, and they can be pretty expensive. It's sort of like the old 900-number scams, where if you called once, your phone would continue to incur the charges over and over again."

These scams are likely to continue until mobile network service providers and device makers work out conventions on how to handle marketing and sales messages on SMS, Daswani predicts. In some cases, legitimate application providers are simply initiating SMS communications without the user's consent, because there aren't any rules yet that require such consent, he notes.

The study also reveals the results of a forensic analysis of Android apps, which already have been infected earlier this year with the Droid Dream malware and again last month with Droid Dream Lite. In the study, Dasient found many other instances of malware that attempts to take over control of the device at the root level, and even seeks to spread to other devices in a worm-like fashion.

Read the rest of this article on Dark Reading.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.