One in five Android apps are potentially insecure – report

Android logo

As many as one in five Android apps exposes users' private data to third parties, a new report claims.

With Android-based devices continuing to grow in number and popularity, the Android Market is flourishing, with almost 50,000 apps available to download.

But in its analysis of the security issues the operating system faces as it continues to grow, mobile security firm S Mobile Systems unearthed some disturbing facts.

Of the 48,000 apps it examined, some 20 per cent requested permission to access information that could be used maliciously by attackers.

A further five per cent granted unauthorised individuals permission to make a call, while three per cent could allow text messages to be sent without the user's knowledge.

And S Mobile revealed that a total of 29 Android apps were found to ask for the same kind of permissions seen in spyware applications.

"Just because it's coming from a known location like the Android market or the Apple App store (with the iPhone), it doesn't mean you can assume that the app isn't malicious or that there is a proper vetting process," S Mobile chief technology officer Dan Hoffman said.

The S Mobile report isn't the first time the Android Market's app-screening methods have been called into question. In January, an online banking app was found to instead be a link to a phishing site where users were asked to update their information.

All told, S Mobile says that in its tests, 20,000 apps nearly half of the entire Android Market requested user permissions that the firm would consider "suspicious". However, because developers generally use aliases and aren't linked to a specific company, getting a true sense of whether an app can be trusted is no easy task.

"The Android operating system and the Android Market are quickly becoming the most widely used mobile platform and app store in the world," said S Mobile's chief executive Neil Book.

"There are individuals and organisations out there right now, developing malicious code designed to capture your most personal information and use it to their advantage."