Mobile users can’t live without apps. But the bad news is 83% of the most popular mobile apps pose some sort of security risk, according to Appthority’s Summer 2013 App Reputation Report. The mobile app security firm analyzed 400 of the most popular paid and free apps on both Android and iOS platforms. And it found a whopping 95% of the top free apps and 77.5% of the top paid apps exhibited at least one risky behavior.
If you’re wondering what constitutes “risky behavior,” one example Appthority discovered is apps sending users’ private information to third party services such as ad network companies. Not surprisingly, app developers do it for the money. A quarter of app revenue comes from advertising; and many mobile apps are ad-supported software. Another risky behavior Appthority uncovered: 72% of the top free apps and 41% of paid apps track the user’s location.
There are no state or federal regulations to control this kind of behavior by app developers. So they don’t need to think twice before they sacrifice app users’ online privacy and the security of their data as well as their companies’ data. Case in point: This summer, Appthority discovered what seemed to be a Disney Princess wallpapers app on Google Play. What could be wrong with an app from the Magic Kingdom? As it turned out, plenty. The app, which was not created by Disney, collects the personal information of everyone who downloads it, such as their name, email address, and phone number, and sends the data to ad networks. Then users get hit with tons of spam and pop-ups.
When it comes to adware, why are we still living in the Wild West? “It’s partly due to the fact that adware occupies a grey area between spyware and goodware,” according to Lisa Phifer, President of Core Competence, a company that focuses on network security and technology. “For a decade, it’s been common for PC anti-virus scans to flag adware but give users the option of ignoring it or removing it,” she says. A large number of free mobile apps come bundled with adware. And they can often only be removed by purchasing the paid version.
A study this summer by the mobile security firm Lookout found that 6.5% of free Android apps on Google Play contain adware. It estimated that one million Android users downloaded adware over the past year. According to Lookout, that makes adware the most prevalent app-based mobile threat in the world today. Phifer warns this is not just an issue with apps in Google Play. It also happens in the Apple iTunes app store. Even worse, the Lookout study found that the prevalence of adware in third-party app stores is significantly higher. Given the threat level, it’s disturbing that there are no widely adopted guidelines defining what constitutes adware by the broader mobile industry.
Unfortunately, there’s not a lot users can do to avoid adware. Using a password on your phone to deter adware that borders on surveillance won’t help. According to Phifer, if the adware/surveillance app is installed on your device, it’s running whether or not your password has been entered.
Remember, your wireless security is in danger every time you download an app with adware. Here’s what you can do to limit your risk:
- Before you download an app, look at who publishes it and read the reviews and Terms and Conditions. Take the time to read the lengthy list of permissions requested by each app at install time.
- Don’t hesitate to either cancel installation of apps that seem to “overreach” or deny narrower requests such as permission to access your location or send messages.
- Only download applications from what are considered to be trusted sources: the Apple iTunes App Store and Google Play followed by Amazon and Handango for Android. These known-trusted stores aren’t foolproof. But the vast majority of mobile malware to date has been distributed from other unofficial app stores, so you can reduce your risk by avoiding them.
- Detect and remove adware on your mobile device by using a reputable anti-malware scanner app that will tell you about other apps installed that contain adware. For example: https://play.google.com/store/apps/details?id=com.lookout.addetector
In other words, think before you download apps. Your mobile security depends on it.