Would you give a company permission to access your phone’s camera and microphone at any point without you knowing it? This was agreed to over 2 billion times in our sample. How about access to everyone in your address book and the ability to contact them without your permission? This permission was agreed to over 400,000,000 times in our sample.
Last week we highlighted the FTC report focusing on 480 apps from Google Play that are marketed to children and contain permissions as far ranging as tracking the phone’s position and sending text messages from your phone without you knowing it. But these practices don’t just target kids’ apps.
Over the past 30 days, IP Lasso examined the wording in the permissions agreements of 21,000 apps that we scan for our clients in the Android market. The results were astounding.
It basically works like this – some app developers will pose as well known brands (think your favorite sports team, favorite show, or your kids favorite cartoon) and offer apps under the guise of those brands. When you (or your child) download the app you give the companies far ranging permissions, often without ever realizing it. The app companies are then able to take this information and sell it.
These are apps that we scan for our clients so it’s not a statistically random sample. But it’s also only 21,000 of the more than 700,000 Android apps on the market today.
And we’ve found that many of these apps are using unlicensed IP to increase installs, causing significant harm to the legitimate brand owners.
Is there a good reason for an app to take so much control of your device and personal information? Occasionally there might be, depending on the type of app. But you’re probably not aware of what the vast majority of these apps are able to o. And we think it’s time to start having that discussion.
Our next blog will look at projections for mobile malware next year: It’s a serious problem now; it will be even worse in 2013.