Over 100,000 Android apps suspicious

A security software firm has analysed over 412,000 apps from Google Play and discovered that an alarmingly high number access personal information.

Michelle Starr Science editor
Michelle Starr is CNET's science editor, and she hopes to get you as enthralled with the wonders of the universe as she is. When she's not daydreaming about flying through space, she's daydreaming about bats.
Michelle Starr
2 min read

Security software firm Bit9 analysed over 412,000 apps from Google Play and discovered an alarmingly high number that are accessing personal information.

(Credit: Google; CBSi)

As of late September, there were 675,000 apps on Google Play — a figure that is rapidly approaching Apple's number. But according to research conducted by Bit9, as much as a quarter of those apps could be questionable.

The company analysed 412,212 apps and found that around 72 per cent of those apps have permissions that either access private data, or give the app control over one or more of a smartphone's functions.

As Bit9 said in a blog post, the company took into account when those permissions made sense for an app's function to then make a judgement on whether an app was dodgy.

It is less suspicious for a social media app to have access to email contacts than it is for a wallpaper app to do the same. We took into account information about the publisher, the number of high-risk permissions requested and the category of the application, and grouped our results into three buckets: green (trustworthy), yellow (low trust, but not malicious) and red (no trust and suspicious). We found that 25 per cent, or more than 100,000 apps, fell into the red category.

The idea of the research, Bit9 said, was not to cry "The end is near!", but to draw attention to the potential security issues that apps can pose — a position backed up by security software firm Symantec.

Symantec posted an announcement on its blog that it has, to date, identified over 250 apps (200 of which are still available on Google Play) that send simulated SMS messages to the user's inbox, usually for the purposes of advertising.

Bit9 compiled the results of its research in the infographic below. If you want to be a little more diligent in checking your apps as you download them, we've found that AppBrain Ad Detector, avast! and AVG Antivirus are efficacious at identifying potential security issues.

(Credit: Bit9)