The Android Market’s openness comes with a significant hitch: a full 20 per cent of its app offerings can access and share your private data. Some can even make calls and send texts from your phone without your knowledge or consent. Scary.
The report, from security firm SMobile Systems, also found that dozens of apps in the Android Market act basically as spyware:
29 applications were found to request the exact same permissions as applications that are known to be spyware and have been categorized and detected as such by SMobile’s solution. A full eight applications explicitly request a specific permission that would allow the device to brick itself, or render it absolutely unusable. 383 applications were found to have the ability to read or use the authentication credentials from another service or application. Finally, 3% of all of the Market submissions that have been analyzed could allow an application to send unknown premium SMS messages without the user’s interaction or authorization.
Granted, 29 out of 65,000 is an extremely small percentage. And included in that alarming 20 per cent figure are several apps with no malicious intent. As SMobile itself points out:
“Without question, a majority of these applications were developed with the best of intentions and the user data will likely not be compromised.”
So yes, you should take the figure with a grain of salt. But it’s still an important reminder that as the Android Market ecosystem grows, there’ll be more and more predators to populate it. [SMobile (PDF) via CNET]
Art Nau
Thursday, June 24, 2010 at 9:38 AMhow about we stop crying about privacy this privacy that and accept that its a new tech age and its not gone be the same…
if u wanna be private stay in a cage…
Bart
Thursday, June 24, 2010 at 11:38 AMA lack of privacy is a cage.
I want a third party to have to ask for my approval before accessing my “private” data and tell me what they they intend on doing with it.
Before they actually do it.
I really don’t want a company like say facebook publishing my most dialed numbers, or a list of all the contacts in my phone.
And that’s avoiding the issues of “evil” apps that can make secret premium calls/sms’s that cost me a fortune. Or the other more direct thief who uses your phones camera/gps to see if you’re worth robbing.
Privacy is not a issue we can afford to let slip.
Sutter
Thursday, June 24, 2010 at 10:06 AMIf this article had the word “Apple” in it, it’d be full of Android fanboys crying about how terrible iPhones are.
Why aren’t they here now telling us how terrible this is?
matt
Thursday, June 24, 2010 at 10:57 AMbecause, with Apple, all the BS control and restrictions and everything you have to put up with… protection from things like this is meant to be your reward. if you have to put up with all that crap and Apple STILL couldn’t deliver on the ‘benefits’ it supposedly brings, then yes, we would call them out on it.
as for android: you don’t have to put up with any of that crap. as such dealing with stuff like this is the well known reality of freedom (you have used windows before right?)
Android users have NO expectation that Android protects them from stuff like this, and they certainly don’t jump through any hoops in the promise of that, unlike with Apple.
having said that, I would have thought the official marketplace was moderated like the Apple one is? if not: I fully support the itunes store for what it is, but NOT as the ONLY option.
all you need is a simple compromise: one that jail breakers have had for a while now. have an ‘official app store’ where a third party stake holder (google, apple ect) moderates the apps and gives some sort of quality guarantee and fully discloses all the functionality of each app, rejecting things like spyware, buggy software ect (but not going as far as censorship, or rejecting app’s that might threaten said moderator’s business model). one where basic users can download apps with confidence.
AND THEN:
still allow the installation of ‘unsigned’ apps, apps from any source, with a BIG disclaimer saying that quality, functionality, safety, privacy ect are not guaranteed.
just like Windows does with it’s drivers (and software to an extent, with its trusted publishers stuff, although that’s a bit vague)
basic users are safe and happy, and power users have their freedom.
win win.
Wozza
Thursday, June 24, 2010 at 6:18 PMBig call Matt – “Android users have no expectations…”. Unless it is included in the phone documentation (ie – don’t have any expectations about this phone..) then I would suggest that phone users IN GENERAL have expectation about privacy and protection. Android users WOULD have expectations – I know that I did!!!
Tristan Cox
Thursday, June 24, 2010 at 10:21 AMI’m disappointed in you, Gizmodo. It’s pretty obvious that this is just SMobile trying to drum up a market for their spyware software. The study itself is hopelessly inadequate because it doesn’t look at what the apps DO with the permissions. For a dialer replacement app, for example, access to your contacts and the ability to make calls is entirely appropriate.
Superintendent 'Fanboy' Chalmers.
Thursday, June 24, 2010 at 10:27 AMThis is..er..terrible. Android phones will bring about the destruction of the human race…probably. SKINNER!!!
Bobbobboy
Thursday, June 24, 2010 at 12:15 PMThe h4crz iz in me droidz st44l1ngz my donuts
coder
Thursday, June 24, 2010 at 12:31 PM@Bart: when installing apps from Android Market, users DO get prompted to accept that an app can access various features within the phone.
Akin to applications on a PC/Mac, if u install malware then u r installing malware…u have the freedom to do it.
The features that can be used for malicious intent have many Use Cases that are not malicious. So, as always, it comes down to Trust – in this case, is the developer of an App trustworthy or not?
If u want a safety-net (u might one of those people that just can’t stop opening dodgy content on the net) then get a malwsre/virus scanning tool!! (e.g. Norton antivirus for Android).
IPhone is comparable to android like a turd is comparable to a bar of chocolate.
boc
Thursday, June 24, 2010 at 1:51 PMYou’re entirely correct.
Every app installed from the Market displays a page during installation that asks you to approve a thorough list of services the app will hook into.
If you’re worried about what the app will do on your device then you’d want to read through that screen carefully before clicking continue.
I think it would be good if that screen had a big fat red highlight for the more sensitive services that the app is trying to get access for.
I know when you uninstall an app the Market asks why and there is an option to say that the app is malicious. I wonder if that triggers a Google investigation or pulls the app from the Market?
Regardless I think there are adequate measures in place for now. For iPhone users to switch, Android will need to beef up protection though.
matt
Friday, June 25, 2010 at 12:07 PMwow really? I’ve never used android, from this article you would think the market place was just automatically installing malware on your phone while you sleep! this is the type of stuff I’d expect. though I would still prefer a store (maybe a premium ‘certified’ store) where app devs paid Google more to actually certify their app before launch, and then people could buy from that store in the same confidence they buy from the app store. but still have the freedom that comes with getting apps from anywhere, if they wanted
boc
Saturday, June 26, 2010 at 3:02 PMYes really.
The Market still has a long way to go. I believe it’s getting an upgrade alongside the Android 2.2 release. Though I don’t think it’ll address what you’re suggesting which isn’t a bad idea.
Brock Taffe
Friday, June 25, 2010 at 12:07 PMHoorah I’m a Mac boy here to say, Android Fails!
I don’t really care about the whole app privacy thing. I can pretty much do everything i want to do on my iPhone. Yeah you might say something stupid like Iv’e been brainwashed by Steve. But hey it comes down to choice of what i like.
I used an Android recently at a Telstra Store and it was just plain clunky and not very well designed, every app now and then crashed and when i was multitasking the phone slowed down and i had to manually quit apps. Then i just put the phone down and the lady at the Telstra store asked me if i wanted any help and i just said this thing is a piece of shit.