Many Android Apps Leaking Private Information

In a study of 10,000 Android apps, Dasient finds more than 800 may be compromising data.

InformationWeek Staff, Contributor

July 20, 2011


If you think that malware and other security vulnerabilities haven't hit the Android smartphone platform yet, think again.

That's the message of a forthcoming talk on mobile malware threats that Dasient CTO Neil Daswani will give at the Black Hat conference in Las Vegas, July 30 - Aug. 4.

Daswani will reveal the full results of a study conducted by anti-malware service provider Dasient, which has analyzed some 10,000 applications on the Android platform to determine their rate of infection and vulnerability to security attacks.

The study offers some sobering results on the rapid growth of malware on mobile devices, particularly Android. The number of malware samples Dasient has detected on mobile devices has doubled in the past two years, Daswani says.

In the study, Dasient analyzed the live behavior of Android apps to determine their security posture. Of the 10,000 applications evaluated, more than 800 were found to be leaking personal data to an unauthorized server, Daswani says.

In addition, the researchers found that 11 of the applications were sending potentially unwanted SMS messages out to other smartphones--the mobile version of spam, Daswani says.

"Some of these applications, once started, were sending premium SMS messages," Daswani says. "The user ends up paying for those messages, and they can be pretty expensive. It's sort of like the old 900-number scams, where if you called once, your phone would continue to incur the charges over and over again."

These scams are likely to continue until mobile network service providers and device makers work out conventions on how to handle marketing and sales messages on SMS, Daswani predicts. In some cases, legitimate application providers are simply initiating SMS communications without the user's consent, because there aren't any rules yet that require such consent, he notes.

The study also reveals the results of a forensic analysis of Android apps, which were infected earlier this year with the Droid Dream malware and again last month with Droid Dream Lite. In the study, Dasient found many other instances of malware that attempts to take control of the device at the root level, and even seeks to spread to other devices in a worm-like fashion.

Read the rest of this article on Dark Reading.
