Buyer beware: US is biggest creator of malicious mobile apps

Reuters / Shannon Stapleton
The US creates nearly half of the malicious mobile applications offered through Google Play or the Apple App Store, according to a mobile security company. The finding upends conventional wisdom that Asia is the top developer of such apps.

Over 42 percent of the dangerous apps were published in the United States, according to the report by Marble Security. The company, which offers a mobile security cloud service, analyzed more than one million apps available on the North American versions of the Apple App Store or Google Play that do not require a jailbroken or rooted device ‒ meaning they were not designed for modified devices.

“This came as a surprise to Marble’s analysts, who before examining the data would have bet that most malicious apps originated from publishers in Eastern Europe or Asia,” the security company said in its report. “While China, Korea, India and Taiwan generate a great number of malicious and risky apps, their combined total doesn’t amount to that of the United States.”

Apps were labeled as malicious or high risk if they compromised users’ privacy or security, for example by sending private data without users’ knowledge, or by copying contact databases and sending them to untrusted locations without knowledge or permission. Fraud was another way these apps harmed users, for instance by sending premium-rate SMS (text) messages to defraud customers.

While Google Play and the Apple App Store are considered the most secure of the application marketplaces, according to IDG News Service, the malicious apps are still found in those places. They’re getting past the vetting processes of the official app stores “quite craftily,” iDigitalTimes noted.

“For example, an app may request access to your contact database, but does not disclose the fact that it uploads your entire contact database to third party servers, perhaps insecurely, and that this data is sold or used to target your contacts who might be colleagues at work,” Marble wrote.

“This research further underscores that consumers and businesses need to pay close attention to what apps they download onto their mobile devices, and how those apps use or misuse personal data,” Marble wrote.

Trend Micro, a company that specializes in security software, published a blog post advising people how to avoid malicious apps, focusing on those that mimic the popular mobile game Flappy Bird.

“There are a number of deviations in the imposter version. It pretends to have a trial period, after which it tells users that it can be reactivated simply by sending a text message to a premium-rate SMS account,” the post noted. “The app also has an ‘Are you sure…?’ exit prompt not found in the original game; even if the user confirms, the app continues to run in the background and can be found in the recent apps display.”

Trend Micro’s vice president of cloud computing, Mark Nunnikhoven, told iDT that users need to be careful of the permissions an app asks for, as some request too many. He also said people shouldn’t go looking for a deal or substitutes, as the free version is probably malicious.