Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fifth of Android Apps Expose Private Data

Posted by CmdrTaco on from the that's-why-i-only-use-lynx dept.

WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

5 of 286 comments (clear)

  1. Re:well well by cduffy · · Score: 5, Informative

    Err --

    Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags. What this study (presumably) did is just check which apps have which flags set.

    Thing is, when you-the-user install an app, you're told exactly which flags it has set, and given the opportunity to confirm or deny. In short -- if you're installing a lighter-flame gadget which says it's allowed to read your address book and connect to the Internet, and you click "OK", you deserve exactly what you get.

    (Also -- misbehaving developers can, and sometimes do, have their signing keys revoked).

  2. Summary is wrong and trolling by recoiledsnake · · Score: 5, Informative

    From the summary:

    5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

    Err, the mobile user was explicitly informed of this BEFORE the software is install. Don't believe me? Check this screenshot http://www.taosoftware.co.jp/en/android/wakeupcallmaker/img/wakeupcallmaker_install.png

    I guess someone has an axe to grind against Android (hint, hint) just because there were stories earlier about the iPhone revealing the exact location of the users to applications and ads.

    --
    This space for rent.
  3. Nothing against Android... by msauve · · Score: 5, Informative

    ...in particular. They're just selling anti-malware software for smartphones. They'll be glad to sell you protection for your RIM, WinMo, or Symbian phone, too. They're also glad to point out the danger you're in with those phones, too - lacking their product.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  4. Re:Operative words by SighKoPath · · Score: 5, Informative
    As an example, here is the warning text from the most recent update to the Google Maps application:

    This application has access to the following:
    • Your personal information: read contact data, write contact data
    • Services that cost you money: directly call phone numbers
    • Your location: coarse (network-based) location, fine (GPS) location
    • Network communication: full Internet access
    • Your accounts: Google Maps, manage the accounts list, use the authentication credentials of an account
    • Storage: modify/delete SD card contents
    • Phone calls: read phone state and identity
    • Hardware controls: record audio
    • System tools: prevent phone from sleeping, retrieve running applications

    These are all displayed to the user in big orange warning text, with an OK/Cancel button below 'em. Every application in the market does this sort of thing, so the user knows exactly what every app is able to do. The article looks like FUD to me.

  5. Re:Operative words by pegisys · · Score: 5, Informative

    You have to OK all the things that an app can touch before you install it, if you go installing apps without looking at what it can possibly touch then that is your problem. That is unless there is an exploit that allows developers to access features that it does not specify in the application manifest.