Apple staffers personally comb through every app that’s submitted to the App Store before approving it. The end result is that relatively few of the apps available for iOS are outright spyware or malware. Sure, there are a lot of ridiculous apps that don’t do very much. But the theory is that they at least won’t steal your data… or show you pornography.
The Google Android Market is a much more open place for developers to share their apps with smartphone users. But every time you install an app, you’re greeted with a security note letting you know what kind of information the app will collect from your device. Download Squad has a good overview of the data that apps can collect, ranging from your location to your browser history and bookmarks and contact data.
Theoretically, if you read those notices you should be able to avoid apps that collect your personal data if you’re the sort of person who frowns upon that kind of thing. But let’s be honest. How often do you actually pay attention to these warnings? You just click OK, don’t you?
The folks at mobile security firm Lookout suggest you stop doing that and pay a little more attention.
The company launched the App Genome Project this week, which looks at hundreds of thousands of mobile application and identifies security threats and other information. One of the group’s findings concerns wallpaper apps from Jackeey Wallpaper.They’re available in the Android Market, and the wallpaper apps have been downloaded at least a million times.
While the apps are simply designed to give you a number of wallpapers for your Android home screen, they also collected browsing history, text messages, and even information about your SIM card number and voicemail password. There’s clearly no reason a wallpaper app needs any of that information — which was all sent to a site in China.
Lookout says that about a third of the free apps available for iOS and Android can access a user’s location, while about 14% of iOS apps access contact data compared to 8% on Android. On the other hand, the group’s research shows that 47% of free Android apps have third party code, which is more than twice the number of iOS apps — although that’s not necessarily a bad thing, since third party code can include mobile advertising code.
Update: The developer of the wallpaper app in question sees things differently, and says his apps never collected the kind of data Lookout claims.
Update 2: Google temporarily banned the developer’s apps, but has since decided that they’re safe. You can now download them from the Android Market again. But the bigger point is that you should look closely at the permissions required by some apps to determine whether you’re comfortable with the type of information they’re collecting.