Consumers trade privacy for free apps, study shows
Free apps in the Google Play market are three times more likely to access information in their users' address books than paid apps.
That was one of the findings in a recent 18-month study of 1.7 million apps in the Google Play store by Juniper Networks, a network solutions company based in Sunnyvale, California.
Free apps were 314 percent more likely to access a user's address book and 401 percent more likely to track a user's location than paid apps, Juniper's researchers found.
What's more, they discovered that a significant number of applications contain permissions and capabilities to garner information from a user's handset that's not necessary for the functionality of the software.
"We also determined these apps had permission to access the Internet, which could provide a means for exposed data to be transmitted from the device," Juniper security analyst Daniel Hoffman writes in a company blog.
Sneaky app tricks
Key findings in the study include:
- 24.14 percent of free apps, compared to 6.01 percent of paid ads, ask for information to track a consumer's location.
- 6.72 percent of free apps, versus 2.14 percent of paid apps, want to access a user's address book.
- 2.64 percent of free apps, compared to 1.45 percent of paid apps, request permission to silently send text messages.
- 6.39 percent of free apps, versus 1.88 percent of paid apps, request permission to secretly initiate calls in the background.
- 5.53 percent of free apps, compared to 2.11 percent of paid apps, asked for permission to use a handset's camera.
Granting an application permission to secretly initiate phone calls or send SMS messages should be particularly troublesome to consumers, according to Hoffman.
"An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of a mobile device," he said. "Similarly, access to the device camera could enable a third party to obtain video and pictures of the area where the device is present."
Giving an app free rein to send SMS messages is not only a way to siphon information from a handset without its owner's knowledge, the study notes, but can be used to send text messages to premium services that will line up a consumer's phone bill and line the pockets of cybercriminals.
Juniper's researchers said that certain categories of free apps were worse than others in leaching personal information from a handset for no apparent functional reason. Racing games are such a category. This category contains the highest number of applications that would be considered a newly discovered malware, the researchers note.
Juniper isn't alone in recent days in its severe analysis of the Android app market. Bit9 also released a report estimating that one out of every four Android apps to be a security risk.
For its part, Google is making efforts to make the Android ecosystem more secure for consumers. For example,it was recently reported that the next version of the Google Play store app will examine all the apps on a handset to determine if any of them contain malware signatures. The app will also warn a user when they try to download an app that it thinks is bad for a handset.