JavaScript disabled. Please enable JavaScript to use My News, My Clippings, My Comments and user settings.

If you have trouble accessing our login form below, you can go to our login page.

If you have trouble accessing our login form below, you can go to our login page.

Free gambling apps top security risk list

Date

Mahesh Sharma

Zoom in on this story. Explore all there is to know.

Millions of users at risk from "vulnerable" apps ... Android.

Millions of users at risk from "vulnerable" apps ... Android.

Free casino and racing game apps pose the biggest security risk to smartphone users, according to a new report.

The Android apps, downloaded via the Google Play store, have been revealed as the biggest offenders when it comes to accessing device functions such as camera and address book for unknown purposes.

The finding is of concern not only to individual users, but also companies struggling to manage the security of a growing fleet of bring-your-own mobile devices.

Juniper Networks's Mobile Threat Centre found that hundreds of thousands of apps could expose sensitive data or access unnecessary device functionality, after it analysed over 1.7 million apps on the Google Play store between March 2011 and September 2012.  

Apps traditionally collect user information to serve relevant content from third-party ad networks, but the research found there was a very low percentage of ads being distributed via the top five ad networks. It concluded the apps were collecting the information for other purposes.

Last month, another study found Android apps were leaking personal information.

For the latest study, the MTC installed the apps and checked that the description of their features warranted the permissions being requested. It also looked at how many ads were served by the apps. The figure of 1.7 million includes apps withdrawn or blocked from the Google Play store during the research, and newer versions of some apps.

The report detailed concerning app "behaviours" some can discreetly initiate outgoing calls, which can be used to eavesdrop on ambient conversations within hearing distance of the mobile device; some were allowed to send text messages and create a "covert channel to siphon sensitive information from the device"; some can use the device's camera to potentially obtain photos and videos of the surrounding area.

The gaming and racing apps blatantly overstepped permissions that were more than adequate for normal use.
Free card and casino games apps, which simply imitate popular casino games for fun, accessed a number of features without justification: 94 per cent accessed phone calls, 83 per cent accessed the camera, 85 per cent could send SMS.

Racing games was the most concerning category, according to the report, which noted that during the research period there was an "abnormally high" number of apps removed from the marketplace.
"This category contained the highest number of applications that the MTC would consider to be newly discovered malware."

Ninety-nine per cent of paid, and 92 per cent of free, racing game apps could send SMS; half of free downloaded apps could use the camera; 94 per cent of free games could make outgoing phone calls.
There are some legitimate reasons to access these features. In some cases, casino apps accessed the camera so users could insert a personal background picture into the interface. Some financial apps also allowed users to call financial institutions.

Overall, compared to their paid counterparts, free downloads were four times more likely to track location - a quarter of all free apps were allowed to track user location - and they were three times more likely to access user address books.

The report author Dan Hoffman, chief mobile security evangelist at Juniper Networks, said developers should better explain why an app needed to access certain features. Apps should only ask for permissions if absolutely necessary to function, and they should inform users of exactly how their data and device are used.

"It seems there is no such thing as a free lunch in mobile," he wrote.

"If people choose to use free applications, they will likely need to provide information in exchange. Many do not realise that this tracking is happening and may not be making informed choices."

The report said Apple does not disclose information about its apps.

Pure Hacking chief technology officer Ty Miller said hackers could control the apps to attack users, even if the apps weren't developed for malicious purposes.

Miller said that, generally, mobile developers didn't code with the same level of maturity as their enterprise counterparts, who were more security-conscious. They often requested as many permissions as possible to ensure their app works.

Google, developers and users are all responsible, he said.

"Developers could be assisted by understanding applications' security basics; and once again having good enforcement, such as maybe random audits by Google; and consumers, should make sure that in the case of Android, they should think twice about giving apps some permissions," Miller said.

"Look for apps with good reviews, apps that have been around for a while and featured by various stores."

11 comments

  • That's it, keep hammering Android to make Apple look better. It's not working. Plenty of my friends are switching to Android, phones and tablets.

    Commenter
    Wiseguy
    Location
    Sydney
    Date and time
    November 02, 2012, 2:48PM
    • Not so Wiseguy, the article mentioned that Apple didn't disclose information about its apps. Sounds even worse than Android apps which do disclose the permissions the apps will require when installing. The app security issues are legitimate concerns on both platforms, as I imagine it will be for the new windows.

      The problem with Android apps is that the developer usually doesn't disclose why or how these permissions are to be used. It's a frustrating situation for me when evaluating whether an app is worth installing. Often I need to read through the feedback comments to try and discern their purposes, and that's not an exact science.

      Google could make Android more secure by allowing app level control by users for these permissions. So if I deny app-x access to a function like sending sms, or reading phone contacts, the app may or may not function. Developers would then be encouraged to provide reasons in their apps for why that permission is required at the point the app stops working. I would then have the option to enable the permission or uninstall the app.

      Maybe something to look forward to in a future Android version, but too late for my tablet. It won't get an official o/s upgrade by then.

      Commenter
      TF101
      Location
      ICS
      Date and time
      November 03, 2012, 4:54AM
    • Wiseguy, I don't think this reticle is pro apple or android, it is just providing information which would hopefully educate people and make more people aware of the security concerns with both apple and android smart phones. This is something that is on my mind at the moment. I am thinking of either writing an android app that monitors all other apps on a phone and checks to see what exactly other apps are doing or perhaps using wire shark on a pc and directing all traffic through my home network to check out what is being sent from the phone. It would be interesting to see what other readers thought of smart phone security,

      Commenter
      Shane
      Date and time
      November 04, 2012, 4:44PM
    • Umm, not-so-wise-guy, the story is about questionable android apps, not about any brand loyalty or otherwise. Seems android users keep taking any bad news personally. Does it highlight their lack of intelligence maybe?

      Commenter
      The Other Guy
      Location
      Geelong
      Date and time
      November 05, 2012, 7:05AM
  • nearly all Android apps have forced permissions which cannot be changed or restricted unless the device is rooted - having access to all your personal data, address book, camera, phone dialer and unrestricted internet communications.
    that's why I ditched Android - you get the feeling that it's Google who owns the device and running it for you while siphoning all kind of personal data without your permission!!!

    Commenter
    Xavier
    Date and time
    November 03, 2012, 4:38AM
    • It's so pathetic that these studies continue to identify issues with apps but never mention exactly the names of these apps so people can take action, and remove them, as I can assure you that if the app is doing it on Android is also doing the same thing on Apple's iOS platform (if it has an equivalent app), except with Apple's draconian closed-world ecosystem, you’ll never know exactly what’s going on making it even more dangerous for users than Android.

      Commenter
      Techguy
      Date and time
      November 03, 2012, 12:13PM
      • "..as I can assure you that if the app is doing it on Android is also doing the same thing on Apple's iOS platform".
        And just what sort of "assurance" are you giving? You obviously have no idea what you are talking about.
        Another android user trying to justify their choice - without success.

        Commenter
        The Write Stuff
        Location
        Melbourne
        Date and time
        November 05, 2012, 11:27AM
    • It's your own fault if you install them.All apps tell you what permissions they require before you install them

      Commenter
      Mike
      Location
      Sydney
      Date and time
      November 04, 2012, 10:21AM
      • Many people don't realise that they need to check the permissions section when they are thinking of adding an app. It's why I will never add the Facebook app (wants access to your contacts, text messages) or You Tube app (wants to auto download all your videos directly from your phone) along with many other popular social media apps. Moral of the story is check what permissions you are giving away, and if you don't agree, use website instead or just go without.

        Commenter
        sp
        Date and time
        November 05, 2012, 2:03AM
        • nothing is free.....but one thing i do know is buy a android ..that will set you free....

          Commenter
          skeptic
          Location
          perth
          Date and time
          November 05, 2012, 8:39AM

          More comments

          Comments are now closed
          Advertisement
          Featured advertisers
          Advertisement