20% of Android applications put information at risk

20% of Android applications put information at risk

Twenty percent of applications available for Android phones are insecure, allowing third parties to access sensitive user data, according to a study by SMobile Systems, released this week.

The company, which provides security solutions for smartphones, analyzed the more than 48 thousand applications for the mobile operating system promoted by Google and verified which permissions are granted to them.

According to the experts, the opening of the Android Market is beneficial for programmers, who give more freedom in creating software, but it can cause security problems for business users, for example, leaving sensitive information vulnerable that can be stolen by cybercriminals.

Permissions, which «let» applications perform tasks such as initiating a phone call, accessing SMS or identifying the geographic location of the phone, are essential for programmers to develop useful software, but they can also serve to access personal data that used for harmful purposes, warn those responsible for the study.

In addition to this 20 percent that allow third parties to access personal data and sensitive information about the owners of the phones where they are installed, one in twenty Apps analyzed has the ability to automatically make calls to any number and 2 percent allows the sending of SMS for value added numbers, without any action or authorization from users (in addition, of course, to the installation).

Experts recognize that most of these applications were developed with the best intentions and the information should, in principle, not be compromised. But the truth is that there is already an example of a phishing application created to collect bank account data, which was later detected and removed from the Android Market, they warn.

According to SMobile, the operating system requires all applications to inform users about the permissions they involve, so that they can decide, with knowledge of their implications, whether or not they intend to install them. The problem is that there is no way to control whether the software will actually behave as described.