Data security company Proofpoint recently conducted a study which focused on free mobile apps and analyzed their privacy and security vulnerabilities. They found that users are inadvertently judging the risks of free apps based on the type of app. While apps which are primariliy marketed to an adult audience, such as gambling games, are often presumed to be more risky, other apps which appear innocuous can pose just as much risk as an online poker or slot machine game. 

Flashlight apps which utilize your phone’s LED light or screen brightness to provide the utility of a flashlight were one of the app groups the researchers looked at. Out of “5,600 apps analyzed (all for Android), 26 contain known malicious code and another 36 can be classified as high risk. Users can be forgiven for not expecting a flashlight app to need to communicate externally, yet the flashlight apps as a whole communicated with 678 servers across 28 countries.” Examples of high risk behavior include uploading user information without permission, including their address book, emails and browsing history, as well as reading and sending email and SMS messages.

Another group of applications which may appear innocuous but poses significant risks to users is religious apps, including apps which provide access to the Bible. “Looking more closely at the apps themselves, Proofpoint analyzed over 5,600 unique Bible apps (4,154 for Android; 1,500 for iOS), including 208 that contain known malicious code and 140 classified as high risk based on their behavior, all for the Android platform.” Furthermore, many of the Bible applications analyzed do not have privacy policies and send data about their users to a variety of countries. The researchers note that this malicious and potentially dangerous behavior is not limited to unpopular outliers. “One of the most popular Bible apps sends data to sixteen servers in three different countries; reads the user’s SMS messages, address book, and device and phone information; tries to exploit cross-app interaction if the device is rooted; and can even make phone calls on your behalf.”

Powered by WPeMatico