Android application safety and security
Over the last few days there have been a number of blog posts and reports stating that ‘20% of Android Applications threaten privacy’ or ‘pose a potential privacy threat’. These sensational headlines came about after SMobile Systems published a white paper stating that this was the case (having done research to prove it). What has subsequently become clear is that SMobile Systems’ President and Vice President of Operations are former AT&T employees. As you will know, AT&T have the iPhone and Android is a significant competitor. Furthermore, SMobile Systems sell software for Android which protects against security threats. Overall, there is a huge amount of bias and cause for concern with their findings.
Some of the applications they consider a threat to your privacy are applications which manage your contacts. This is because these types of applications have access to your address book. Duh! The best thing about Android is that it always asks the user and informs them what applications are up to when they install or configure them.
Nonetheless, Google have recently removed a few applications from the Market because they (intentionally) try to deceive the user into what data they are accessing. Here is an official statement form Google,
Every now and then, we remove applications from Android Market due to violations of our Android Market Terms of Service or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove an installed application from devices. If an application is removed in this way, users will receive a notification on their phone.
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.