A latest research report on android applications says that almost 100,000 (officially, the number will be more than the mentioned one) android applications of Google Play, are inappropriate and suspicious. Bit9 published the report on suspicious applications with another report where they gave a brief analysis of all the 400, 000 applications available at Google Play.
A technology officer working with the Bit9 reported that a certain number of total 400,000 applications have access to confidential and potentially sensitive resources and having all these applications in the phone can be a threat to the user.
The experts suggested that if the application developers don’t follow these criteria as- proper rating for user, categorizing the applications properly, a certain number of downloads, maintaining the quality as a publisher; they are defined as questionable and suspicious.
According to the report, a majority of the android applications (considerably 72%) use one permission only and with the help of this permission, the application can gain access to confidential data, more than gaining access to the functionality of Smartphones.
However, the experts also suggested that the permission on application request doesn’t matter that much to consider it as suspicious. What matter here is that whether that permission is making any sense for the features of the applications and whether they are worthy or not.
They gave an example to state the matter clearly. If a social media application gain access to email records in phone, it won’t be considered as suspicious. However, if a wallpaper application can access personal data or email, it will obviously be considered as malicious.
42% of the total 72% applications can gain access to location data, (GPS) and 31% of the total number again can access any phone numbers and phone calls as well.
The technology experts of the organizations also suggested that 9% of the total analyzed applications, (400 000,) make use of the permission, which can price the money of a user.
Bit9 experts, who analyzed the applications, divided them in three categories (three buckets in technological term) based on three criteria- reputation of the application publisher, application category and permission request. They have assigned three colors green, red and yellow to mark the status of the applications. Here green means the application is trustworthy, yellow means the application is not malicious but not very trustworthy as well. As usual, red symbolizes danger and using the application should be avoided.
The company accordingly conducted a survey on uses of personal devices in offices to be sure of IT security and came to the conclusion that majority of the companies allows the employees to bring their personal devices at work to gain access to mails, scheduling, calendar, etc.. However, the authorities though don’t enquire that whether the applications, used in phones are safe for company network setting or not.
However, the report didn’t say actually that all the applications are malicious. The gist of the report is that most of the applications have the ability to contain more information than what users expect generally and when these devices start holding both personal and corporate data, it becomes a problem for both employees and individuals.