Mobile devices and applications are no longer an accessory – they’re central to our daily lives. Gartner predicts the number of mobile apps downloaded will double to 45 billion this year – and they’re only getting smarter. Today’s apps are increasingly essential to accessing critical business applications, connecting with friends on the go and even adopting digital wallets.
While these apps make our lives easier, they also give a wider group of application developers and advertising networks the ability to collect information about our activities and leverage the functionality of our devices. At the same time, the companies, consumers and government employees who install these apps often do not understand with who and how they are sharing personal information. Even though a list of permissions is presented when installing an app, most people don’t understand what they are agreeing to or have the proper information needed to make educated decisions about which apps to trust.
More concerning is that many apps collect information or require permissions unnecessary for the described functionality of the apps. This is not the first time this issue has surfaced – reports of popular apps collecting irrelevant information or transmitting data when devices are turned off has led to significant backlash. However, less is known about the state of privacy across the entire application ecosystem.
To get a sense of the state of application privacy today, Juniper Networks’ Mobile Threat Center (MTC) analyzed over 1.7 million apps on the Google Play market from March 2011 to September 2012.
Topline Findings
We found a significant number of applications contain permissions and capabilities that could expose sensitive data or access device functionality that they might not need. We also determined these apps had permission to access the Internet, which could provide a means for exposed data to be transmitted from the device. Of particular interest, free applications were much more likely to access personal information than paid applications. Specifically, free apps are 401 percent more likely to track location and 314 percent more likely to access user address books than their paid counterparts.
While these apps make our lives easier, they also give a wider group of application developers and advertising networks the ability to collect information about our activities and leverage the functionality of our devices. At the same time, the companies, consumers and government employees who install these apps often do not understand with who and how they are sharing personal information. Even though a list of permissions is presented when installing an app, most people don’t understand what they are agreeing to or have the proper information needed to make educated decisions about which apps to trust. More concerning is that many apps collect information or require permissions unnecessary for the described functionality of the apps. This is not the first time this issue has surfaced – reports of popular apps collecting irrelevant information or transmitting data when devices are turned off has led to significant backlash. However, less is known about the state of privacy across the entire application ecosystem.
To get a sense of the state of application privacy today, Juniper Networks’ Mobile Threat Center (MTC) analyzed over 1.7 million apps on the Google Play market from March 2011 to September 2012.
Topline Findings
We found a significant number of applications contain permissions and capabilities that could expose sensitive data or access device functionality that they might not need. We also determined these apps had permission to access the Internet, which could provide a means for exposed data to be transmitted from the device. Of particular interest, free applications were much more likely to access personal information than paid applications. Specifically, free apps are 401 percent more likely to track location and 314 percent more likely to access user address books than their paid counterparts.
- 24.14 percent of free apps have permission to track user location, while only 6.01 percent of paid apps have this ability;
- 6.72 percent of free apps have permission to access user address books, while 2.14 percent of paid apps do;
- 2.64 percent of free apps have permission to silently send text messages, whereas 1.45 percent of paid apps can;
- 6.39 percent of free apps have permission to clandestinely initiate calls in the background, while only 1.88 percent of paid apps do; and
- 5.53 percent of free apps have permission to access the device camera, whereas only 2.11 percent of paid apps have this access.
by Daniel Hoffman, Juniper Networks | Read more:
