Security Market Segment LS
Tuesday, 08 December 2015 12:43

One out of 10 Android apps leak personal information


You need to be careful – even in Google’s Play Store. Hordes of apps are downloaded without any idea of the risks involved.

Apps can connect to a complicated network of websites, both to function and generate advertising revenues, but most users don't know their private information could compromised.

A team from University of California, Riverside have estimated that about 9% of apps in the Google Play store interact with web sites that can compromise user security.

“A lot of people believe that if an app is popular or available on one of the big app stores then it must be safe, and we suspected that wasn’t the case,” said Michalis Faloutsos, a computer science professor in UCR’s Bourns College of Engineering.

By developing a tool called Android URL Risk Assessor (AURA), the team identified more than 2,500,000 URLs accessed by the 13,500 apps, which they cross-referenced for trustworthiness using VirusTotal, a database of malicious URLs, and Web of Trust (WOT), a popular website rating system.

The apps tested were created by reputable developers and downloaded by many people, among them popular social media, shopping, news and entertainment apps. At this stage these apps have not been named and shamed.

The team will present their findings at the IEEE Globecom conference in San Diego, US on December 8.

"We focused on a relatively neglected aspect of security research, which is the potential for good apps to leak personal information through the sites they interact with,” Faloutsos said.

  • 9% of the popular apps interacted with malicious URLs (implicated in distribution of malware)
  • 15% talked to bad websites (with intentions that vary from harming devices, stealing confidential data or annoying users with spam)
  • 73% talked to low-reputation websites
  • 74% talked to websites containing material that is not suitable for children

"The team plans to make AURA available for developers, researchers, android users, and distributors like Google Play," said Xuetao Wei, professor at the University of Cincinnati in US.

The researchers recommend users to limit the number of apps on their phones to those they really need and review new apps before downloading them.

"Reading the comments left by other app users is a good security practice that can help users make more informed decisions about what they put on their smartphones," Wei said.

Which makes Android Marshmallow and its ability to selectively turn off app permissions even more urgent.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!



Recent Comments