A leading international research company Juniper Networks' Mobile Threat Centre has warned mobile users to be careful with some free casino gambling apps and racing game apps which head the security risk list for smartphone users.
After it analyzed over 1.7 million apps on the Google Play store between March 2011 and September 2012, Juniper's Mobile Threat Centre found that apps on the Android platform could expose sensitive data.
In the latest research MTC installed the apps and checked that the description of their features warranted the permissions being requested also looking at how many ads were served by the apps. They found there was a very low percentage of ads’ being distributed via the top five ad networks, so it concluded the apps were collecting the information for other purposes.
The report says that some apps can discreetly initiate outgoing calls, which can be used to eavesdrop on ambient conversations within hearing distance of the mobile device; some were allowed to send text messages and create a 'covert channel to siphon sensitive information from the device'; some can use the device's camera to potentially obtain photos and videos of the surrounding area.
Free card and casino games apps accessed a number of features without justification: 94 percent accessed phone calls, 83 percent accessed the camera, 85 percent could send SMS.
Still, racing games were obviously the most concerning category: they contained the highest number of applications that the MTC would consider to be newly discovered malware with 99 percent of paid, and 92 percent of free racing game apps could send SMS; half of free download apps could use the camera; 94 percent of them could make outgoing phone calls.
Although the study notes that there are some legitimate reasons to access those features: casino apps accessed the camera so users could insert a personal background picture into the interface, or when financial apps allowed users to call financial institutions.
In general, the study discovered that, compared to their paid counterparts, free downloads were four times more likely to track location and they were three times more likely to access user address books.
Dan Hoffman, chief mobile security exec at Juniper Networks, said developers should better explain why an app needed to access certain features: "If people choose to use free applications, they will likely need to provide information in exchange. Many do not realize that this tracking is happening and may not be making informed choices."
One anti-hacking expert recommended that developers should be encouraged to pay more attention to security coding while consumers needed to take more care over what they downloaded, and what permissions they gave.