Popular Android apps leak private information

AhnLab identified many popular Android apps are asking for excessive permissions to access to the user data.

AhnLab analyzed 178 best rated android apps using AhnLab Mobile Smart Defense (AMSD), cloud-based application analysis platform which verifies the security of Android apps. AMSD scanned 178 apps in five different types of permissions including: Personal information access, service information access, location information access, service charging and device information access.

In this analysis, the degree of risk was marked on a scale from 1 to 100 by each type of permission, and the apps recorded 60 and above are classified as malicious.

According to the app analysis data extracted by AMSD, 42.6% of all apps examined are requiring excessive permissions for device information access. 39.3% of apps are asking for excessive permissions for location information access, followed by personal information access permission at 33.1%, and service charging at 8.4%. None of apps require excessive service information data.

With this kind of potential threat – excessive permissions to access to the user data-, malicious hackers can steal the victim’s mobile banking information by snatching the texts and emails in victimized smart phones.

Attackers also can make clone smart phones or deliver unwanted pay-per-use services with leaked device information. With stolen location information, hackers can locate the victims to stalk.

“As many users selects Andorid based smartphones, the number of malicious codes which target personal information or payment information is also increasing,” said HoWoong Lee, director of the AhnLab Security E-response Center. “This kind of malicious behavior can be even more dangerous when it comes to stealing the banking data. It is very hard for the victims to notice the malicious behavior as it is run behind the normal application,” he continued.