As many as one-quarter of free Android apps track location data. That's one of many findings in a new report that raises security concerns in free apps available in Google Play, the technology giant's online store.
The report audited 1.7 million apps and was undertaken by Juniper Networks' Mobile Threat Center over 18 months in 2011 and 2012. Many of the free apps, the report said, "collect information or require permissions unnecessary for the described functionality of the apps."
This is not the first report to find that apps are collecting, and, in some cases, transmitting information irrelevant to their purported needs. In late 2010, for instance, The Wall Street Journal reported a large portion of sampled smartphone apps were transmitting the device's unique ID to other companies without users' awareness or consent, and some were also sending location, age and other personal details.
Collecting for Local Ads?
However, that story, undertaken two years ago with a much smaller selection, determined that the Android apps it analyzed transmitted less data than iPhone apps that the paper also reviewed.
The more comprehensive Juniper report said that a significant number of Android applications "contain permissions and capabilities that could expose sensitive data or access device functionality that they might not need."
For instance, while some of the Android apps use location data to customize local ads, the report found that many more apps were collecting that information than were actually serving up ads. Nine percent of apps worked with the top five ad networks, but 24.1 percent tracked location.
This fact that so many more free apps are using location tracking than are serving local ads, the company warned, led it "to believe that there are several apps collecting information for reasons less apparent than advertising."
'Most Concerning' Category
In addition, nearly 7 percent of free apps could access user address books, while slightly more than 2 percent of paid ones could, and 2.5 percent of free apps could silently send text messages versus 1.45 percent of paid apps. In other capabilities, such as secretly initiating calls in the background or accessing the device's camera, free apps also greatly outnumbered paid apps.
By category, the "most concerning" were racing games, as well as apps related to cards and casinos. The report recommends that developers correlate permissions to actual app functionality, and that there be better differentiations between kinds of permissions -- such as the difference between an app wanting to place an outgoing call, compared to a financial app that offers the benign convenience of being able to call local branches from within the app.
In addition, the report suggests that more information be provided to those who use free apps, and that users recognize that "free" comes at a price.
We asked Avi Greengart, an analyst with industry research firm Current Analysis, if the security issues surrounding free Android apps in particular are something that consumer and business buyers should be concerned about.
They "ought to be," he said, adding that he didn't see it happening. Greengart said there are pros and cons to Google's approach to the submission of apps for its Android marketplace, compared to Apple's greater vigilance. Pros include "more innovation and getting apps to market faster," he said, while the downsides include these kinds of security and privacy issues.
Ross Rubin, principal analyst for Reticle Research, agreed that consumers are generally more focused on factors like screen size or coverage area when they select a mobile device, while businesses tend to "have somewhat more scrutiny, especially for company-issued devices."
He noted, however, that Google, as well as Amazon, has begun to "step up the guidelines for app submissions," although they are not yet at the level of scrutiny that Apple or provide.
Posted: 2012-11-07 @ 11:54am PT
NOTHING is without cost....