The report from Columbus, Ohio-based S-Mobile, says that a further 5% of apps grant third-party software access to make a call on the Android smartphone, while 3% can similar access to information to generate text messages.
S-Mobile conducted what it called an in-depth survey of some 20 000 apps on the Android smartphone operating system, and concluded that nearly half of the entire Android Market software requested user permissions that researchers would consider suspicious.
The situation is compounded, Infosecurity notes, as the company says that "dozens of applications have the identical type of access to sensitive information as known spyware."
"The Android operating system and the Android Market are quickly becoming the most widely used mobile platform and app store in the world", said Neil Book, S-Mobile's CEO.
"There are individuals and organizations out there right now, developing malicious code designed to capture your most personal information and use it to their advantage", he added.
The report, however, has stirred up a bit on controversy on IT news sites, while prompting a stern rebuke from Google as well.
“This report falsely suggests that Android users don’t have control over which apps access their data”, a Google spokesperson told Infosecurity via an e-mail statement. “Not only must each Android app get users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.”
The rush to publish details of the report has been characterized by some in the media as poor journalism. CNET retracted and updated its article on the findings to reflect that “users are granting permissions to apps when they download them”, while also changing the title to the original news piece.
ZDNet today highlighted potential conflicts of interest between S-Mobile and iPhone carrier AT&T that are not disclosed in the report:
SMobile Systems neglected to mention industry ties that rendered its report less credible. For example, their President and Vice President of Operations are former AT&T employees. AT&T is listed as a strategic partner of SMobile Systems on the company web site. (AT&T of course is the sole US carrier for Apple’s iPhone, a competitor to Android). And SMobile itself sells security software to address perceived threats that its reports "expose".