SEATTLE (CBS SEATTLE) — Cell phone apps have introduced a very real privacy concern to consumers and companies – and free apps have been found to track users’ address books and locations.
A new study of 1.7 million Android apps by Juniper Networks found that free apps were four times as likely to track users’ locations as paid apps and three times as likely to access users’ address books.
But while users should be cautioned by these privacy issues, it is companies that should be most concerned in terms of security.
“Companies need to understand if they are making security policy and decisions based on BYOD scenarios,” Dan Hoffman, chief of mobile security at Juniper, told eweek.com. “I think there is a tactical security concern that they need to have, if the users are bringing these apps into the company and, for example, there are applications that have use of the camera or a microphone.”
Juniper’s report is the latest study to show that many Android apps, and especially free apps, request questionable permissions that do not match the stated functionality of the application. Many apps, including the popular Pandora Internet radio app, send users’ information to advertisers.
A survey by the security group ISACA found that more than half of users have had their location information collected by an app, but only a quarter had privacy or safety concerns.
The Juniper study also found out that a majority of consumers assume that collected information is for advertising reasons, when in fact, far more collect data for non-advertising reasons.
Almost a quarter of every free app tracks location, and almost 7 percent access the address book.
But only about one-in-10 apps uses known advertising networks, the company told eweek.com. The Paid apps are far more privacy-sensitive: Only 6 percent of those track location and 2 percent access the address book.
One group of security researchers at Indiana University and the Naval Surface Warfare Center confirmed suspicions that mobile devices are being compromised by attackers quite easily. They created a program called PlaceRaider that could secretly take photos and construct 3D representation of any given space.
The researchers found that specific classes of apps accounted for a sizable portion of the privacy-compromising programs. Almost all card-and-casino apps, which recreate gambling games, asked for permission to make outbound calls, and more than 80 percent also asked for permission to use the camera and send SMS texts.
Juniper is continuing its research in order to investigate specific types of aggressive applications. It is a security solutions network based out of California.