Free gambling apps top security risk list

Last updated 05:00 04/11/2012

Relevant offers

Digital Living

What to expect when you're expecting... fibre Secretive billionaire reveals how he toppled Apple in China Facebook is masking our depression, but can it help us get better? How do you know if you're over-doing it on Facebook? British Prime Minister Theresa May calls on social media companies to act Three things Samsung says its Bixby assistant will do that Siri can't How online bullying became an epidemic we're all guilty of It is past time we fully examined the ever-expanding influence of Facebook on our lives What you should think about before buying Apple's cheaper iPad and red iPhone YouTubers claim restrictions targeting gay-themed content

Free casino and racing game apps pose the biggest security risk to smartphone users, according to a new report.

The Android apps, downloaded via the Google Play store, have been revealed as the biggest offenders when it comes to accessing device functions such as camera and address book for unknown purposes.

The finding is of concern not only to individual users, but also companies struggling to manage the security of a growing fleet of bring-your-own mobile devices.

Juniper Networks's Mobile Threat Centre found that hundreds of thousands of apps could expose sensitive data or access unnecessary device functionality, after it analysed over 1.7 million apps on the Google Play store between March 2011 and September 2012. 

Apps traditionally collect user information to serve relevant content from third-party ad networks, but the research found there was a very low percentage of ads being distributed via the top five ad networks. It concluded the apps were collecting the information for other purposes.

Last month, another study found Android apps were leaking personal information.

For the latest study, the MTC installed the apps and checked that the description of their features warranted the permissions being requested. It also looked at how many ads were served by the apps. The figure of 1.7 million includes apps withdrawn or blocked from the Google Play store during the research, and newer versions of some apps.

The report detailed concerning app "behaviours" some can discreetly initiate outgoing calls, which can be used to eavesdrop on ambient conversations within hearing distance of the mobile device; some were allowed to send text messages and create a "covert channel to siphon sensitive information from the device"; some can use the device's camera to potentially obtain photos and videos of the surrounding area.

The gaming and racing apps blatantly overstepped permissions that were more than adequate for normal use.
Free card and casino games apps, which simply imitate popular casino games for fun, accessed a number of features without justification: 94 per cent accessed phone calls, 83 per cent accessed the camera, 85 per cent could send SMS.

Racing games was the most concerning category, according to the report, which noted that during the research period there was an "abnormally high" number of apps removed from the marketplace.
"This category contained the highest number of applications that the MTC would consider to be newly discovered malware."

Ad Feedback

Ninety-nine per cent of paid, and 92 per cent of free, racing game apps could send SMS; half of free downloaded apps could use the camera; 94 per cent of free games could make outgoing phone calls.
There are some legitimate reasons to access these features. In some cases, casino apps accessed the camera so users could insert a personal background picture into the interface. Some financial apps also allowed users to call financial institutions.

Overall, compared to their paid counterparts, free downloads were four times more likely to track location - a quarter of all free apps were allowed to track user location - and they were three times more likely to access user address books.

The report author Dan Hoffman, chief mobile security evangelist at Juniper Networks, said developers should better explain why an app needed to access certain features. Apps should only ask for permissions if absolutely necessary to function, and they should inform users of exactly how their data and device are used.

"It seems there is no such thing as a free lunch in mobile," he wrote.

"If people choose to use free applications, they will likely need to provide information in exchange. Many do not realise that this tracking is happening and may not be making informed choices."

The report said Apple does not disclose information about its apps.

Pure Hacking chief technology officer Ty Miller said hackers could control the apps to attack users, even if the apps weren't developed for malicious purposes.

Miller said that, generally, mobile developers didn't code with the same level of maturity as their enterprise counterparts, who were more security-conscious. They often requested as many permissions as possible to ensure their app works.

Google, developers and users are all responsible, he said.

"Developers could be assisted by understanding applications' security basics; and once again having good enforcement, such as maybe random audits by Google; and consumers, should make sure that in the case of Android, they should think twice about giving apps some permissions," Miller said.

"Look for apps with good reviews, apps that have been around for a while and featured by various stores."

-IT Pro


Special offers

Featured Promotions

Sponsored Content