Dead Men Tell No Tales, but Smart Phones Tell All

Do you have an iPhone or an Android based phone? Wait, don’t tell me, if you installed some third party apps I can probably find out.

According to Lookout Inc., in an article at http://news.yahoo.com/s/ap/20100728/ap_on_re_us/us_tec_techbit_apps_privacy many of the iPhone and Android apps include spyware. To be fair, Lookout Inc didn’t call it spyware, but that is effectively what it is. Lookout Inc is a mobile phone security company and they claim that after scanning 300,000 smart phone applications they found that many of these applications secretly take data from the phone and send it back to a 3rd party.

There is a significant difference between the iPhone and the Android systems however. Apple wants users to believe that they only allow safe applications on the Apple store, where Android relies upon Google’s ability to remove software without your permission if they deem it unsuitable for any reason.

Either way, Apple’s white listing is showing the fatigue that is inevitable in a non-scalable system and Android is a crapshoot by design. Apple does appear to have the edge where only one out of four applications were found to contain spyware as opposed to half of the Android apps containing spyware. For the technically astute, however, Android has the edge in that it requires you to grant permission to access sensitive resources. For those who are not so technical the Android approach is about as valuable as a parachute in a submarine… ok, maybe a little less valuable.

Some of the types of data that may be leaving your iPhone or Android phone without your knowledge include your contacts, pictures, text messages, and internet browsing history. These applications are not generally written to steal the information, it is a problem with developers including third party code that they do not understand and the third party developers do not say what they are doing.

The developers presumably get the code for free and it helps them make money through advertising revenue. The problem is that the developers would often not use the additional code elements if they knew of the trust issues.

Free isn’t always free. 99 cents is virtually free, as is $1.99. If you go for free or almost free applications then expect that you will pay for it… perhaps even dearly. Keep in mind that if one of these third party companies get’s your text messages and has poor security, then your text messages may be all over the internet.

It is really amazing what you can do with a smart phone. You can find your current location and the relative location of a place you wish to go to. You can instantly text a friend halfway around the world and discuss highly confidential subjects. You take pictures of your loved ones in compromising positions… and then share it with the world through a free application that you thought was only making it possible to tether your smart phone to your computer.

There is an old adage that you get what you pay for. When it comes to apps for smart phones you may be spending a lot more than what you imagined.

Randy Abrams
Director of Technical Education
ESET LLC

Author ESET Research, ESET

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.