(FUD) Report: Android Market loaded with malware/spyware
SMobile Systems, a company that sells Android security for $29.99 per year, has released a report that indicates one of every five of Android applications access your private data. Of course, discovering that you have unwittingly allowed a stranger to peek into our private life is enough to make a person turn their back entirely on a given platform’s mobile apps that have access to, say, financial information. However, having access to data does not indicate the distribution or misuse of it.
SMobile Systems utilizes an automated analysis system that logs the permission requests of applications. The data is then interpreted to assess security risks:
“Since is possible to identify whether an application may be malicious by the permissions it requests, a large scale analysis of the Android Market was conducted to gain further insight into its applications.” [emphasis added]
After analyzing over 48,000 apps in the Android Market via this largely automated process, SMobile Systems determined, among other things, that:
*383 applications were able to read or use authentication credentials from other apps
*29 applications request identical permissions as software considered malware by SMobile Systems
*8 applications request permissions that, if allowed, would facilitate the capability of bricking a device.
The report also indicates that a number of apps can make phone calls or send SMS messages that could incur substantial charges for the phone owner, though the purpose for such capabilities and the criteria for maliciousness are not established in the report; only applications’ technical abilities.
As frightening as the test results are, remember that the report belongs to, and was funded by, a security firm with software to sell. While I do not doubt the soundness of their data collection methods or that security threats are present in the Android Market, SMobile Systems’ interpretation of the data and the wording of their presentation of that data could easily be called into question. Please read the report for yourself here.
Via cnet
![SGP Neo Hybrid for Galaxy Nexus [Video]](http://www.droiddog.com/wp-content/uploads/2012/02/DD.png "SGP Neo Hybrid for Galaxy Nexus [Video]")
I call FUD. All they're looking at are permissions? Permissions DO NOT definite spyware/malware. Stop this madness.
Study performed by SMobile Systems. Solution offered by SMobile Systems.
How can you even report this ****, guys?
I love the photo on their online store page. The Nexus One runs Symbian now?
I love the photo on their online store page. The Nexus One runs Symbian now?
Other sites are lending the report too much credibility and I countered that.
I agree that this report is complete BS. The vast majority of apps that request access permissions have legitimate reasons for doing so. For example, a mapping app will need access to the GPS. Or an app that can dial a phone number will need access to the phone dialer. Maybe there are some abusive apps, but this report makes no attempt to identify or quantify those.
*facepalm* C'mon, John. I'm definitely one of your avid readers… you provide some of the consistently best content on DroidDog. But this is straight up FUD.
A lot of the permissions cover a broad subset of use cases. Just because my keyboard requests the READ_CONTACTS permission doesn't mean it's mining a database of your personal contact information so I can sell it to some spammer overseas. I'm using it to put your contact names into the user dictionary.
There's also the case where an app has to access or display your phone number for whatever reason. I believe that same permission applies to “making phone calls”.
I think my main problem with this article is the subject line. Yeah, it's probably effective in getting us all to click, but this is definitely not a reason for any of us to start worrying about malware protection on our Android devices.
Thank you for your comment, and I appreciate you reading/watching our content regularly.
I updated the title to include “(FUD)”
I think that must be the problem here, and perhaps I should have been more clear. I chose to write this post specifically as a balance against the other net coverage I was reading, most of which covered the report as though it came from an entirely unbiased source with no motives outside of informing the public. It was not my intent to get people to click and then scare them, but I can see how I made a poor choice of title.
Thank you for your feedback.
Agree with your article completely, John. Apple's walled garden approach has so many limitations which can never make your device as secure as a platform which has a good/solid local security model, infact it lulls them into a “false sense of security” which is a disaster waiting to happen.
I did a post that does a detailed and informed comparison of Android and Apple security models here:
Android vs iPhone: Security Models Comparison
I had avast antivirus but uninstalled it (had it for approximately 3 – 4 years) because it kept on prompting me to reboot even after just logging on to the internet. Their latest version is 4.8. I got sick of the popup messages so I went looking for another antivirus program which is just as good as avast. I did a search on the internet and I came across Comodo antivirus and it's free. It also has Comodo Internet Security (which is also free) and I also use Comodo Antispam which I would recommend to anybody looking for such a program. I don't have any spyware removal software as yet, so can anybody recommend a good one? I am very security conscious.
_______________________________
spyware removers
I had avast antivirus but uninstalled it (had it for approximately 3 – 4 years) because it kept on prompting me to reboot even after just logging on to the internet. Their latest version is 4.8. I got sick of the popup messages so I went looking for another antivirus program which is just as good as avast. I did a search on the internet and I came across Comodo antivirus and it's free. It also has Comodo Internet Security (which is also free) and I also use Comodo Antispam which I would recommend to anybody looking for such a program. I don't have any spyware removal software as yet, so can anybody recommend a good one? I am very security conscious.
_______________________________
spyware removers