According to a report by SMobile Systems, entitled “Threat Analysis of the Android Market,” Google allows one-fifth of its Android applications to access private data that could be used for malicious purposes.
Surveying 48,694 Android applications, or 68% of currently available apps, 29 were additionally found to request information from the user that have been well-documented as fitting the profile of known spyware.
Open access to the Android by developer talent and the openness of the system to manipulation are currently balanced.
Here are some additional findings.
“A full eight applications explicitly request a specific permission that would allow the device to brick itself, or render it absolutely unusable. 383 applications were found to have the ability to read or use the authentication credentials from another service or application. Finally, 3% of all of the Market submissions that have been analyzed could allow an application to send unknown premium SMS messages without the user’s interaction or authorization.”
How can a company that relies on reliability allow so many potentially screwy apps access to its customers? That’s the price of openness.
“The Android Market offers the ability for developers to create any application they choose with the community regulating whether the application is appropriate and safe, as opposed to relying on a formal screening process….The Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market’s consumers. This presents the opportunity to easily defraud innocent consumers for financial gain.”
Whether the freedom is worth the risk is currently being answered by users and by advertisers. But another question users, and Google itself might ask, is how a system like the Android Market might be kept open but made safer.