BEST OF THE WEB

Be wary in Google, Apple app stores, report suggests

With hundreds of thousands of Android and Apple apps in their respective markets, the world may seem to be a smart phone owner’s delight.

But availability doesn’t mean security. As security writer Graham Cluley notes in this posting, the issue was the subject of a paper presented last week in Berlin by researchers from antivirus software maker Bitdefender.

The staffers looked at over 800,000 apps in the Google Play and iOS App Store and didn’t like what they saw, including  apps that downloaded sensitive information from mobile devices over unsecured connections.

Apple and Google say they screen apps before releasing their in their stores, but only for malware and not what I would call risky behavior like capturing the user’s email address.

But this is somewhat of a “cup half-full/half-empty” report from the vendor”:  Out of 630,000 Android apps, 3.71 per cent transmitted a user’s email address to the developer.  One way to look at that is it’s a pretty small percentage. The other way, of course, is that there are about 23,000 apps in Google Play that take your email and do heaven only knows what.

Similarly, Bitdefender found 0.44 per cent of Google Play apps and 0.51 per cent of iOS apps used an unencrypted connection for authentication and registration. A small number, but still, if you don’t know which ones it leaves the possibility of hackers stealing email addresses and passwords.

The report found it’s not just poorly-coded (or deliberately coded) apps that are problematic. Third party advertising libraries are also culprits.

Finally, as many have noted, the most likely apps to be wary of if you don’t know where they came from are games. The Google Play store included at the time of the study some 5,000 repackaged apps of originals including bogus versions of certain games.

The message is users still have to be careful in these stores, and to rely on the advice of trusted and experienced friends or Web site reviews.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web