Bit9 examined the security permissions of more than 400,000 Android applications. Criteria for defining an application as “questionable” or “suspicious” included the permissions requested by the application, categorization of the application, user rating, number of downloads, and the reputation of the application’s publisher. In its examination of the more than 400,000 Android apps, Bit9 found that 72 percent use at least one high-risk permission.
In addition, the company found that:
- 42 percent of applications access GPS location data, and these include wallpapers, games and utilities
- 31 percent access phone calls or phone numbers
- 26 percent access personal data, such as contacts and email
- 9 percent use permissions that can cost the user money
In addition to this comprehensive research, Bit9 conducted a survey of IT security decision makers who collectively influence mobile device usage policy for more than 400,000 employees.
Almost three quarters of those surveyed said their organization allows employees to BYOD to work and access company email, calendar and scheduling—a risky decision given the significant percentage of applications Bit9 found with access permissions to these programs. Of the IT security decision makers surveyed:
- 78 percent feel phone makers do not focus enough on security
- But 71 percent allow employees to bring their own smartphones to the workplace
- 68 percent rank security as their most important concern when deciding whether to allow employees to bring their personal devices to work
- But only 24 percent of companies employ any sort of application control or monitoring to know what applications are running on employees' mobile devices
- Only 37 percent have deployed any form of malware protection on employee-owned devices
- 84 percent of respondents believe iOS is more secure than Android.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.