Mobile apps on Android-powered smartphones and Apple's iPhone can disclose more personal data than most users realize, security vendor Lookout revealed Wednesday at the Black Hat USA 2010 conference in Las Vegas. Rather than the apps being malicious, users often give the apps permission to access data when they are installed.
Lookout CEO John Hering and CTO Kevin Mahaffey told a session titled "App Attack: Surviving the Mobile Application Explosion" that a popular Android wallpaper app from Jackeey Wallpaper sent users' data, including phone numbers and SIM card numbers, to a server in Shenzhen, China. The wallpapers included My Little Pony and Star Wars.
Free apps can be risky, they said, with about 29 percent of free Android apps and 33 percent of those for the iPhone able to determine a user's location. Apple's iOS does, however, require apps to alert users when location information is accessed. iPhone users can also use the settings to block apps from accessing personal data.
In addition, Hering and Mahaffey said, about eight percent of Android apps and 14 percent of iPhone apps can access user contacts. And 47 percent of Android apps and 23 percent of iPhone apps have third-party code, usually for mobile ads and analytics, but sometimes for other purposes.
They urged app developers to be aware of security practices, especially when third-party code is added. Mahaffey noted, "The lesson today is that developers don't always know what's inside their apps."
Hering added, "Standardized APIs are making it easier and easier to actually create practical attacks. Instead of having to do something complex in a desktop-like environment, I know I can just call the contact API, for example, and have a very simple programmatic way to grab that information."
Posted: 2010-08-03 @ 7:52am PT
Thanks for the information. It would be nice if this article included what can be done to stop this issue. Is there a firewall app we can install, or an antivirus app, etc.?
Reporting on a problem is for simple news. Real news explains how to stop it from happening.
Just my 2 cents worth,
Posted: 2010-07-29 @ 6:35pm PT
With more and more people opting for a smartphone, be it Android, Windows Mobile or iOS, the possibility of being exposed to a vulnerability makes it essential to have security tools like we have on our PCs.
Just like for PCs, crackers will surely find ways to get into people's smartphones and get whatever info they require, and if you are unlucky, maybe your hot scene in bed will be posted to the internet.*-*