Slashdot Mirror
Fifth of Android Apps Expose Private Data
WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."
And you are notified when installing in red letters exactly what the application has access to.
News flash: 100% of your pc applications have access to your file system!
The differences between Android and iPhone are: (AFAIK)
- There are much less of these APIs on the iPhone than Android (eg: I dont think there is any API to access your email from an iPhone App, or make phone call or SMS without user confirmation)
- Android's user confirmation is at install, while iPhone's user confirmation is when the app try to use a particular API for the first time (eg: when it tries to use location) And the app can keep running even if the user denies it the right to use a specific service.
All in all, the iPhone security scheme is much more conservative, with the side effect that you cant do as many things in an iPhone app as you could in an Android App. For example, you could probably write an android app to could automatically navigate phone menus (eg: "For billing press 1" kind of things) while this is probably not possible for iPhone.
Apple is betting that their conservative approach will be more appealing for users if they dont have articles like this one coming out. Google is betting that their open approach will be more appealing to developers, but if more article like this come out, Android will become like windows security wise. It does not matter if it is true, or if it is a matter of user giving permissions, its all a matter of perception.