Published November 09, 2012
Thanks to liberal BYOD policies, employees' smart devices are able to access sensitive company information. Meanwhile, most employers have no true view into the integrity and vulnerabilities of the apps on employees' devices. Android devices, which account for more than half of the global smartphone market, could pose a particularly enormous security risk by harboring unauthorized and malicious applications, a new analysis has found.
An analysis of the apps in Android's official Google Play marketplace determined that a quarter of the apps, more than 100,000, are "suspicious" or "questionable" based on the permissions requested by the app, the categorization of the app, user rating, number of downloads and the reputation of the publisher.
The analysis was conducted by Bit9, a corporate IT security solutions provider, based on an examination of more than 400,000 of the reported 600,000 apps available in the marketplace.
Because the average mobile device has 41 apps installed on it, potentially 10 apps could be programmed for some level of suspicious activity, Bit9 said.
Even more troubling is that 72 percent of all the Android apps evaluated request at least one high-risk permission. Google defines a high-risk or dangerous permission as a "permission that would give a requesting application access to private user data or control over the device that can negatively impact the user."
These apps generally ask for permission to access more information than their basic functionality requires, such as GPS tracking or access to phone numbers and personal information such as email and contacts.
The addition of third-party markets available to Android users exacerbates the problem, Bit9 said. Unlike users of Apple's iOS, Android owners do not have to "jailbreak" their devices to install apps from "unknown sources."
This gives Android users broad capability to install apps that are pirated, corrupted or banned from Google Play simply by changing a system setting. While this provides further incentive for the user to install third-party applications, it also exposes organizations to significant security risks.