With hundreds of thousands of Android and Apple apps in their respective markets, the world may seem to be a smartphone owner’s delight.
But availability doesn’t mean security. As security writer Graham Cluley notes in this posting, the issue was the subject of a paper presented last week in Berlin by researchers from antivirus software maker Bitdefender.
The staffers looked at over 800,000 apps in Google Play and the iOS App Store and didn’t like what they saw, including apps that downloaded sensitive information from mobile devices over unsecured connections.
Apple and Google say they screen apps before releasing them in their stores, but only for malware and not what I would call risky behavior like capturing the user’s email address.
But this is somewhat of a “cup half-full/half-empty” report from the vendor: Out of 630,000 Android apps, 3.71 per cent transmitted a user’s email address to the developer. One way to look at that is it’s a pretty small percentage. The other way, of course, is that there are about 23,000 apps in Google Play that take your email and do heaven only knows what.
Similarly, Bitdefender found 0.44 per cent of Google Play apps and 0.51 per cent of iOS apps used an unencrypted connection for authentication and registration. A small number, but still, if you don’t know which ones, it leaves the possibility of hackers stealing email addresses and passwords.
The report found it’s not just poorly coded (or deliberately coded) apps that are problematic. Third-party advertising libraries are also culprits.
Finally, as many have noted, the most likely apps to be wary of if you don’t know where they came from are games. At the time of the study, the Google Play store included some 5,000 repackaged copies of original apps, including bogus versions of certain games.
The message is that users still have to be careful in these stores and rely on the advice of trusted and experienced friends or Web site reviews.