The report from Columbus, Ohio-based S-Mobile, claims that around 20% of the 50 000-plus apps in the Android operating system market allow third-party software access to on-phone data, meaning that the information could used maliciously by hackers.
The report, however, has stirred up a bit on controversy on IT news sites, while prompting a stern rebuke from Google as well.
“This report falsely suggests that Android users don’t have control over which apps access their data”, a Google spokesperson told Infosecurity via an e-mail statement. “Not only must each Android app get users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.”
The rush to publish details of the report has been characterized by some in the media as poor journalism. CNET retracted and updated its article on the findings to reflect that “users are granting permissions to apps when they download them.”
ZDnet today highlighted potential conflicts of interest between S-Mobile and iPhone carrier AT&T that are not disclosed in the report:
SMobile Systems neglected to mention industry ties that rendered its report less credible. For example, their President and Vice President of Operations are former AT&T employees. AT&T is listed as a strategic partner of SMobile Systems on the company web site. (AT&T of course is the sole US carrier for Apple’s iPhone, a competitor to Android). And SMobile itself sells security software to address perceived threats that its reports "expose".