updated 04:15 pm EDT, Thu June 24, 2010
Study warns some Android apps have too much access
At least 29 apps on Android Market have system level access that would be considered spyware on a PC, S Mobile Systems claimed in a warning study. When installed, the app group gave enough permission that they could represent serious privacy and security breaches. In one example, a mobile banking app was deliberately malicious and ultimately sent login data from an account to the developer's site.
The mobile security firm went on to suggest that as many as 20,000 Android apps have permissions levels that are "suspicious" but stopped short of calling them hostile. Many of these asked for permission to use contacts, the dialer and the GPS positioning. Google, however, has pointed out that every Android Market app must make clear what it does before the user agrees to download and install it.
"Not only must each Android app gets users' permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities," the company said in a statement to the Inquirer. "And we will disable any apps that are found to be malicious."
The remarks came just as Google noted that it had pulled two apps late Wednesday. Two apps designed by a researcher to misrepresent their purpose, albeit without malicious code, were pulled using Google's authority to remotely delete apps. Company evangelist Tim Bray stressed that the company would only do this "in case of an emergency," such as with a spreading virus.
Both of the instances represent a contrast in philosophy with Apple and its App Store. The company has considerably tighter restrictions on which apps are allowed but has yet to have an instance of a publicly known malicious app. Critics have charged that its approach also prevents tight integration between apps and has sometimes been used to discourage competing apps.