A number of applications on Android app store, especially free apps, collect information or require permissions unnecessary for the described functionality of the app, according to a new study by Juniper Networks.
“We found a significant number of applications contain permissions and capabilities that could expose sensitive data or access device functionality that it might not need. Of particular interest, free applications were much more likely to access personal information than paid applications. Specifically, free apps are 401 per cent more likely to track location and 314 per cent more likely to access user address books than their paid counterparts,” concluded the study, after analysing over 1.7 million apps on the Android market from March 2011 to September 2012.
The study also warned that there could be possible misuse of these permissions. “An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of the mobile device,” the study warned.
“Silently sending SMS messages can also be a means to create a covert channel for siphoning sensitive information from a device. Further, the potential for stealth SMS messages or calls can have monetary repercussions by communicating with services that will subsequently charge a fee, such as calling a 1-900 in the US or sending premium SMS messages,” it further added. However, Ravi Chauhan, managing director, Juniper Networks, India and SAARC, said that several applications collect information and ask for permissions that are completely legitimate. Also, developers offer their apps for free in exchange for this information.
“There is no such thing as a free lunch in the mobile ecosystem. Often, the value provided by the app is worth the information given by a user. However, many do not realise that this tracking is happening and that hence they may not be making informed choices. Our research helped illuminate that even when permissions are communicated the reason for these permissions was not always clear, leaving consumers in the dark about how their information was being used,” he added in an email to The Mobile Indian.