Android apps are leaking private info, says researcher

According to the Dark Reading newswire, Daswani has analysed around 10,000 Android apps and found around 800 were leaking data to an unauthorised server.

In addition, says the newswire, Daswani and his team found that 11 of the applications were sending potentially unwanted text messages out to other smartphones.

"Some of these applications, once started, were sending premium SMS messages," Daswani told the newswire. "The user ends up paying for those messages, and they can be pretty expensive. It's sort of like the old [premium rate] number scams, where if you called once, your phone would continue to incur the charges over and over again."

And these scams, he says, are likely to continue until the cellcos - as well as the Android device vendors - can work out a methodology of how to handle marketing and sales messages on SMS.

In some cases, he adds, legitimate application providers are simply initiating SMS communications without the user's consent, because there aren't any rules that require such consent yet.

Daswani's study will also reveal the results of a forensic analysis of Android apps that were infected earlier this year with the Droid Dream malware.

Interestingly, Dasient says it found many other instances of malware that attempts to take over control of the device at the root level, and even seeks to spread to other devices in a worm-like fashion.

"Once you have root-level control, you pretty much own the phone", Daswani told the newswire, adding that this is a problem that carriers and device makers will have to soon take action on.

Dasient also reportedly found that mobile malware can be delivered via drive-by downloads from legitimate applications, which Daswani says has interesting implications, since it means that mobile malware can be delivered through legitimate and popular applications.

Daswani went on to tell Dark Reading that drive-by downloads are likely to be buried in the most popular applications, such as those listed at the top of the Android Marketplace screens.
