Apps drive mobile devices. There’s one for just about everything, including one to detect a bomb! But there’s a risk with apps: it has to access personal data in the device.
All apps ask for permission while downloading. The requests include access to data network, call records, GPS coordinates, rights to modify contents of SD card, etc. These look harmless, and we grant them permission. But problems emerge when the apps have Trojans (a form of virus) hiding in them.
Earlier this year, security firm Sophos detected a Trojanized version of the Angry Birds game. “Trojans can come disguised as wallpaper applications . They contain the malicious package within it and may be hard to uninstall,” says Ruchna Nigam, security researcher, Fortiguard Labs. Zitmo , she says, is a well-known banking Trojan (it has Symbian, Android and Blackberry versions) that can receive commands from the attacker to intercept SMS second-factor authentication banking tokens and forward them to the attacker, thereby exposing users to banking fraud.
Some applications, especially malicious ones, seek rights for activities unrelated to their function. When a music app seeks access to call records, you must wonder why, and check the credentials of the developer. It might be a safe app, but it is worth checking.
It found that in the cards and casino games category, 94% of free apps that could make outbound calls didn’t describe why they would use this capability. Similarly, 85% of free apps that could send SMS didn’t specify why they should do so, says Ravi Chauhan, managing director India and Saarc, Juniper Networks.
In the racing games section, 99% of paid apps and 92% of free apps had rights to send SMS, while 50% could use camera and 95% could initiate outgoing calls — without any explanation as to why they needed to do that.
The survey found that free apps were 401% more likely to track location and 314% more likely to access contacts than their paid counterparts.
This gives an impression that free apps access info to target ads. But out of the 6,83,238 apps examined, the share of those with the top five advertising networks was much less than the total number tracking location (24%).