Cellphones Android Handhelds Privacy Security

Fifth of Android Apps Expose Private Data 286

WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."
  • Re:well well (Score:5, Informative)

    by cduffy ( 652 ) <charles+slashdot@dyfis.net> on Wednesday June 23, 2010 @11:09AM (#32665248)

    Err --

    Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags. What this study (presumably) did is just check which apps have which flags set.

    Thing is, when you-the-user install an app, you're told exactly which flags it has set, and given the opportunity to confirm or deny. In short -- if you're installing a lighter-flame gadget which says it's allowed to read your address book and connect to the Internet, and you click "OK", you deserve exactly what you get.

    (Also -- misbehaving developers can, and sometimes do, have their signing keys revoked).

  • by recoiledsnake ( 879048 ) on Wednesday June 23, 2010 @11:13AM (#32665300)

    From the summary:

    5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything.

    Err, the mobile user was explicitly informed of this BEFORE the software is installed. Don't believe me? Check this screenshot http://www.taosoftware.co.jp/en/android/wakeupcallmaker/img/wakeupcallmaker_install.png [taosoftware.co.jp]

    I guess someone has an axe to grind against Android (hint, hint) just because there were stories earlier about the iPhone revealing the exact location of the users to applications and ads.

  • bogus interpretation (Score:1, Informative)

    by Anonymous Coward on Wednesday June 23, 2010 @11:22AM (#32665450)

    The CNET interpretation of the study is bogus. It counts every app requesting full call permissions as potential spyware phoning home, and every app requesting full address book access as a potential data-collecting trojan. Following this reasoning, every Windows program -- which can do pretty much anything with the data on your PC -- is a dangerous piece of potential malware.

    Android apps may request permissions only in bundles. Just because an app requests, say, full address book access for updating some address data, doesn't mean it spies on your contacts. It doesn't even mean it actually uses the granted API calls at all.

  • Re:Operative words (Score:3, Informative)

    by sarysa ( 1089739 ) on Wednesday June 23, 2010 @11:34AM (#32665610)
    They got the figures by mining information from each app via the Android Market, or through one of the many aggregator sites like this one. [androlib.com] Permissions are publicly listed, so that's how they came to their figures.

    But yeah, it's incredibly misleading. The user is warned on install and at the bottom of the application's description in the Market.
  • by msauve ( 701917 ) on Wednesday June 23, 2010 @11:48AM (#32665812)
    ...in particular. They're just selling anti-malware software for smartphones. [smobilesystems.com] They'll be glad to sell you protection for your RIM, WinMo, or Symbian phone, too. They're also glad to point out the danger you're in with those phones, too - lacking their product.
  • Re:Operative words (Score:5, Informative)

    by Kristoph ( 242780 ) on Wednesday June 23, 2010 @11:48AM (#32665814)

    iPhone apps do not have access to email or text messages or the data in any other app except through a very well defined API that requires user confirmation in virtually all instances of data sharing.

    In many cases there is no way to access the content of another app (email for example).

    It is also not possible for an app to make a call without user confirmation, and it is not possible to send a text message at all.

    Now this is, in fact, sort of a pain because I'd really like to build an app that sends or receives text messages but it does make for improved data security.

  • by jeffmeden ( 135043 ) on Wednesday June 23, 2010 @11:52AM (#32665888) Homepage Journal

    If 10,000 other people have installed it and everybody rates it 5-stars and there are no issues mentioned with it on the web, you can probably guess that it's not doing anything nasty with your information.

    The way my mind works - when I read this, I couldn't help but think: "What, if any, kind of permissions warning do you get if the app is capable of going on to the market as you and rating itself 5 stars in your name?"

    Disclaimer for the humor impaired: Mind you this is more of a joke than a suggestion of something that's at all likely.

    His argument was laughable. You make the exact point that's needed; there is nothing to stop 10,000 genuinely happy, completely ignorant users from "loving" an app that makes fart noises while it secretly gathers contact lists or does other nefarious things completely behind the scenes. The users won't know there's a problem until it's too late; their private data will be in the wild. Then, all the 1-scores or "report app" dings that the app gets won't get their data back.

    Assuming that a gaggle of non-experts can give you a good assessment of the security of the app is ludicrous. Maybe, if there were a "score by developers" rating where other registered devs that have looked at the code and given it a brief audit for security purposes, it would put my mind at ease a *little*.

  • Re:Operative words (Score:5, Informative)

    by mweather ( 1089505 ) on Wednesday June 23, 2010 @12:06PM (#32666098)

    iPhone apps do not have access to email or text messages or the data in any other app except through a very well defined API that requires user confirmation in virtually all instances of data sharing.

    As does Android. Th

  • Re:Operative words (Score:5, Informative)

    by SighKoPath ( 956085 ) on Wednesday June 23, 2010 @12:08PM (#32666134)
    As an example, here is the warning text from the most recent update to the Google Maps application:

    This application has access to the following:
    • Your personal information: read contact data, write contact data
    • Services that cost you money: directly call phone numbers
    • Your location: coarse (network-based) location, fine (GPS) location
    • Network communication: full Internet access
    • Your accounts: Google Maps, manage the accounts list, use the authentication credentials of an account
    • Storage: modify/delete SD card contents
    • Phone calls: read phone state and identity
    • Hardware controls: record audio
    • System tools: prevent phone from sleeping, retrieve running applications

    These are all displayed to the user in big orange warning text, with an OK/Cancel button below 'em. Every application in the market does this sort of thing, so the user knows exactly what every app is able to do. The article looks like FUD to me.
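The thread above describes the study's method (checking which permission flags each app declares, as cduffy and sarysa put it) and shows the grouped install-time warning the Market builds from those flags. The following is an added example, not code from the study, from CNET, or from any commenter: a small Python audit that parses the `<uses-permission>` entries of an AndroidManifest.xml, rebuilds the grouped warning, and tallies across a constructed sample how many apps can make calls or send text messages, which is the kind of count the report published. The permission-to-group mapping and the four sample manifests are this example's own assumptions.

```python
"""Manifest permission audit in the spirit of the survey the thread describes.

Added example; not code from the study, CNET, or any commenter. Android apps
declare wanted permissions in AndroidManifest.xml as
<uses-permission android:name="..."/> elements, and the Market shows those to
the user at install time under headings such as "Services that cost you money".
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permission -> (warning group, label). Groups and labels mirror the install
# warning quoted in the thread; the mapping itself is this example's assumption.
PERMISSION_GROUPS = {
    "android.permission.READ_CONTACTS": ("Your personal information", "read contact data"),
    "android.permission.WRITE_CONTACTS": ("Your personal information", "write contact data"),
    "android.permission.READ_SMS": ("Your messages", "read SMS or MMS"),
    "android.permission.CALL_PHONE": ("Services that cost you money", "directly call phone numbers"),
    "android.permission.SEND_SMS": ("Services that cost you money", "send SMS messages"),
    "android.permission.ACCESS_COARSE_LOCATION": ("Your location", "coarse (network-based) location"),
    "android.permission.ACCESS_FINE_LOCATION": ("Your location", "fine (GPS) location"),
    "android.permission.INTERNET": ("Network communication", "full Internet access"),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("Storage", "modify/delete SD card contents"),
    "android.permission.READ_PHONE_STATE": ("Phone calls", "read phone state and identity"),
    "android.permission.RECORD_AUDIO": ("Hardware controls", "record audio"),
    "android.permission.WAKE_LOCK": ("System tools", "prevent phone from sleeping"),
    "android.permission.GET_TASKS": ("System tools", "retrieve running applications"),
}

# Capabilities the report counted across the market, keyed by the permission
# that grants them.
CAPABILITIES = {
    "android.permission.CALL_PHONE": "can make calls",
    "android.permission.SEND_SMS": "can send text messages",
    "android.permission.READ_SMS": "can read text messages",
    "android.permission.READ_CONTACTS": "can read contacts",
}


def declared_permissions(manifest_xml: str) -> list[str]:
    """Return the android:name of every <uses-permission> element, in order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)]


def install_warning(perms: list[str]) -> dict[str, list[str]]:
    """Rebuild the grouped 'This application has access to:' warning."""
    grouped: dict[str, list[str]] = defaultdict(list)
    for p in perms:
        group, label = PERMISSION_GROUPS.get(p, ("Other", p))
        grouped[group].append(label)
    return dict(grouped)


def capabilities(perms: list[str]) -> list[str]:
    """Sensitive capabilities this permission set grants (sorted, deduplicated)."""
    return sorted({CAPABILITIES[p] for p in perms if p in CAPABILITIES})


def survey(manifests: dict[str, str]) -> dict[str, float]:
    """Fraction of apps granting each capability, as the report tallied it."""
    counts: dict[str, int] = defaultdict(int)
    for xml in manifests.values():
        for cap in capabilities(declared_permissions(xml)):
            counts[cap] += 1
    return {cap: counts[cap] / len(manifests) for cap in CAPABILITIES.values()}


def _manifest(*perms: str) -> str:
    """Constructed minimal manifest declaring the given permissions."""
    body = "".join(f'  <uses-permission android:name="{p}"/>\n' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
            '          package="com.example.app">\n' + body + "</manifest>\n")


# Constructed sample: a flashlight asking for far more than it needs, a maps app
# with the permission list quoted in the thread, an SMS backup tool, a notes app.
SAMPLE_MANIFESTS = {
    "flashlight": _manifest("android.permission.CALL_PHONE",
                            "android.permission.READ_CONTACTS",
                            "android.permission.INTERNET"),
    "maps": _manifest("android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
                      "android.permission.CALL_PHONE", "android.permission.ACCESS_COARSE_LOCATION",
                      "android.permission.ACCESS_FINE_LOCATION", "android.permission.INTERNET",
                      "android.permission.WRITE_EXTERNAL_STORAGE", "android.permission.READ_PHONE_STATE",
                      "android.permission.RECORD_AUDIO", "android.permission.WAKE_LOCK",
                      "android.permission.GET_TASKS"),
    "smsbackup": _manifest("android.permission.READ_SMS", "android.permission.SEND_SMS",
                           "android.permission.WRITE_EXTERNAL_STORAGE"),
    "notes": _manifest("android.permission.WAKE_LOCK"),
}

if __name__ == "__main__":
    for name, xml in SAMPLE_MANIFESTS.items():
        perms = declared_permissions(xml)
        print(name, capabilities(perms), install_warning(perms))
    print(survey(SAMPLE_MANIFESTS))
```

Note what the tally does and does not tell you, which is the point several commenters make: a declared permission says what the platform will let the app do, not what the app actually does with it. The flashlight entry is the suspicious case (a call and contact permission with no plausible use), while the maps entry carries the same flags for reasons the thread explains.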

  • Re:Operative words (Score:5, Informative)

    by amRadioHed ( 463061 ) on Wednesday June 23, 2010 @12:15PM (#32666244)

    Does it? I've used several apps that have had access to my text messages, and I've never been presented with a confirmation request from them.

  • Re:Operative words (Score:5, Informative)

    by pegisys ( 1616521 ) on Wednesday June 23, 2010 @12:24PM (#32666390)
    You have to OK all the things that an app can touch before you install it, if you go installing apps without looking at what it can possibly touch then that is your problem. That is unless there is an exploit that allows developers to access features that it does not specify in the application manifest.
  • Re:Operative words (Score:1, Informative)

    by Anonymous Coward on Wednesday June 23, 2010 @12:49PM (#32666822)

    It needs to read if the phone is in suspend mode or not to save battery, and it needs to write to the SD card to cache data.

    Dunno what it's recording audio for, though.

  • Re:Operative words (Score:3, Informative)

    by rjstanford ( 69735 ) on Wednesday June 23, 2010 @01:06PM (#32667090) Homepage Journal

    The beauty of open source is not that you personally can check all of your installed apps to make sure none of them are doing anything evil (although that is a good thing). It's that there are thousands of eyes looking over that source code

    Actually, I believe that you'll find that there are thousands of eyes belonging to people who are saying exactly what you are saying... which is why even obvious exploits have lived in massively used packages for months at a time.

    After all, if you can't be bothered, why assume that anyone else can?

  • Re:Operative words (Score:4, Informative)

    by Macthorpe ( 960048 ) on Wednesday June 23, 2010 @01:15PM (#32667220) Journal

    It asks you before you install the app so it doesn't bug you every five minutes after you install it when it tries to do things you're already aware it's going to do.

  • Re:Operative words (Score:3, Informative)

    by Actually, I do RTFA ( 1058596 ) on Wednesday June 23, 2010 @01:25PM (#32667350)

    And when every app just lists every possible thing they could do (as the Google Maps app seems to), you might as well not have fine grained access control. Welcome to Windows (pre-Vista).

  • Re:Operative words (Score:4, Informative)

    by malakai ( 136531 ) on Wednesday June 23, 2010 @01:25PM (#32667354) Journal

    The Google Maps app has built-in voice search that I don't think is at the OS level. For example, if you click the mic button while in map mode and say "navigate to gas station", it goes into nav mode to the nearest gas station.

    Don't think of it like the web-based Google Maps; think of it instead as a hands-free car navigation system. It will also dial numbers for you, including knowing to dial where you're driving to ("Dial Destination" or some such magical phrase).

  • Re:Operative words (Score:3, Informative)

    by DJRumpy ( 1345787 ) on Wednesday June 23, 2010 @01:44PM (#32667626)

    Then it might be more useful, and secure, to note in the warning that they cannot initiate a call without user action. I got the gist from the article that the sandboxing isn't that specific, meaning once you grant access, it's all or nothing.

    Specifically, once you grant an App the ability to dial a number, can it do so without user intervention? Will it prompt after future updates?

    It seems like an important security feature. The same with audio recording, accessing personal information, etc. All it would take would be an unscrupulous developer who had a seemingly innocent app, who later pushes out updates that allow this access behind the scenes, or one who doesn't even bother with an app update to hide what they're doing, much like the banking software that was used to store users' banking credentials.

    http://www.sophos.com/blogs/gc/g/2010/01/11/banking-malware-android-marketplace/ [sophos.com]

  • by yyxx ( 1812612 ) on Wednesday June 23, 2010 @05:41PM (#32671228)

    Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags.

    Older phone operating systems use that technique; it isn't very effective.

    Android actually sandboxes the application, ensuring that the permissions it requests are the only permissions it actually gets. Signing on Android is not used for verifying permissions but for "establishing trust relations" between multiple applications--making sure that if you call Jack's Barcode Reader, you actually get that application, not an impostor.

    Of course, iPhone/iOS doesn't have either kind of permission system; on iPhone/iOS, you have to cross your fingers that Apple's review process somehow catches evil applications. Of course, given how shoddy and haphazard that process is, that's not a good bet to take.
