According to a recent study, 72 percent of all Android applications in the Google Play Store request access to at least one extraneous permission that they don’t inherently need to function properly. This number may seem alarming, but let’s break down some of the research firm’s so-called “results.”
According to the published findings:
72 percent of all Android apps (more than 290,000) access at least one high-risk permission.
21 percent (more than 86,000) access five or more.
2 percent (more than 8,000) access 10 or more permissions flagged as potentially dangerous.
As you can see, Bit9 labels 290,000 apps as “high risk,” which it says equates to 72 percent of all apps available on the Play Store. But wait: Google just announced that the Play Store now houses over 700,000 total applications. So it appears that Bit9’s findings were based on a sample of 400,000 apps. A statement from Bit9 reveals the method by which risky apps were determined:
“We determined the risk level by relating the degree of privacy intrusion or the capability of the permission (e.g., ability to wipe devices or change systems settings). Risk levels, however, do not attribute malicious activity to the identified apps, but allude to the capability of the app to do damage if compromised. Many apps also ask for permissions that are not essential to their advertised functions.
“Another concern is the significant level of variant apps in relation to popular “known” titles. For example, of the 115 apps that contain the words “Angry” and “Birds” in the title, only four are from Rovio Mobile (the official publisher of the Angry Birds app). Among them, “Angry Birds Live Wallpaper” requests twice as many permissions as the original Angry Birds game app, including fine-grained GPS location tracking.”
It’s important to note that these applications are not considered malware. Instead, they simply require more permissions than they actually need to perform their desired function. And while this may be a decent determinant in evaluating the potential security risks of applications on the Play Store, without testing all available apps, the results will undoubtedly be inaccurate and skewed.
It’s unfortunate that Bit9 didn’t just finish evaluating the other 300,000 apps, though that would obviously be an expensive and tedious task. Nonetheless, these reported figures are astonishing. So remember, whenever you install an application, whether it comes from the Play Store or not, be sure to read the full list of required permissions. This will help cut down on the possibility of installing a malicious or risky application.
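As an added illustration (not Bit9's tooling or code from the study), the permission review described above can be scripted: the sketch below reads the permissions from a decoded AndroidManifest.xml, buckets the app by the study's 1+/5+/10+ thresholds, and lists the high-risk permissions a look-alike app requests beyond the original. The HIGH_RISK set, the helper names and both sample manifests are assumptions constructed for this example; Bit9's actual list is not given in the article.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: illustrative high-risk set, not Bit9's (unpublished here) list.
HIGH_RISK = {
    "ACCESS_FINE_LOCATION", "READ_CONTACTS", "READ_SMS", "SEND_SMS",
    "READ_PHONE_STATE", "RECORD_AUDIO", "CAMERA", "WRITE_SETTINGS",
    "CALL_PHONE", "READ_CALL_LOG",
}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest.
    Vendor-defined permissions (other prefixes) are skipped."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                perms.add(name.rsplit(".", 1)[1])
    return perms

def risk_tier(perms):
    """Bucket by the study's thresholds: 1+, 5+ or 10+ high-risk permissions."""
    n = len(perms & HIGH_RISK)
    return "10+" if n >= 10 else "5+" if n >= 5 else "1+" if n >= 1 else "none"

def extra_over_original(variant, original):
    """High-risk permissions the variant requests that the original does not."""
    return sorted((variant - original) & HIGH_RISK)

def _manifest(*names):
    # Constructed sample manifest, not taken from any real app.
    body = "".join(
        '<uses-permission android:name="android.permission.%s"/>' % n
        for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="com.example.sample">%s</manifest>' % body)

ORIGINAL = _manifest("INTERNET", "ACCESS_NETWORK_STATE", "READ_PHONE_STATE")
VARIANT = _manifest("INTERNET", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION",
                    "READ_CONTACTS", "SEND_SMS", "RECORD_AUDIO")

if __name__ == "__main__":
    orig = requested_permissions(ORIGINAL)
    var = requested_permissions(VARIANT)
    print("original tier:", risk_tier(orig), "| variant tier:", risk_tier(var))
    print("variant adds:", extra_over_original(var, orig))
```

The manifest inside an APK is stored as binary XML, so this assumes it has already been decoded to text by a separate tool.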
Source: Bit9