Many Android Apps Leaking Private Information - InformationWeek
IoT
IoT
Mobile
News
7/20/2011
08:45 AM
50%
50%

Many Android Apps Leaking Private Information

In study of 10,000 Android apps, Dasient finds more than 800 may be compromising data.

Lookout Mobile Security Protects Android Smartphones
Slideshow: Lookout Mobile Security Protects Android Smartphones
(click image for larger view and for slideshow)
If you think that malware and other security vulnerabilities haven't hit the Android smartphone platform yet, think again.

That's the message of a forthcoming talk that will be given on mobile malware threats by Dasient CTO Neil Daswani at the Black Hat conference in Las Vegas July 30 - Aug. 4.

Daswani will reveal the full results of a study conducted by anti-malware service provider Dasient, which has analyzed some 10,000 applications on the Android platform to determine their rate of infection and vulnerability to security attacks.

The study offers some sobering results on the rapid growth of malware on mobile devices, particularly the Android. The number of malware samples Dasient has detected on mobile devices has doubled in the past two years, Daswani says.

In the study, Dasient analyzed the live behavior of Android apps to determine their security posture. Of the 10,000 applications evaluated, more than 800 were found to be leaking personal data to an unauthorized server, Daswani says.

In addition, the researchers found that 11 of the applications were sending potentially unwanted SMS messages out to other smartphones--the mobile version of spam, Daswani says.

"Some of these applications, once started, were sending premium SMS messages," Daswani says. "The user ends up paying for those messages, and they can be pretty expensive. It's sort of like the old 900-number scams, where if you called once, your phone would continue to incur the charges over and over again."

These scams are likely to continue until mobile network service providers and device makers work out conventions on how to handle marketing and sales messages on SMS, Daswani predicts. In some cases, legitimate application providers are simply initiating SMS communications without the user's consent, because there aren't any rules yet that require such consent, he notes.

The study also reveals the results of a forensic analysis of Android apps, which already have been infected earlier this year with the Droid Dream malware and again last month with Droid Dream Lite. In the study, Dasient found many other instances of malware that attempts to take over control of the device at the root level, and even seeks to spread to other devices in a worm-like fashion.

Read the rest of this article on Dark Reading.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll