The Bit9 study, found that more than a quarter of Android apps access personal data such as contacts and email, while 42% get GPS information, 31% access phone calls and phone numbers, and 9% could cost you money (mostly through premium SMS text message charges) - and not always with your permission.
"What's interesting about the mobile world is that [risky] apps aren't always malicious," Bit9's Sverdlove says. In a (mobile-friendly) enterprise, the key is apps with access to potentially sensitive information could be exposed or abused, he says.Juniper Networks looked at 1.7 million apps available through Google Play, They found that free apps were four times more likely to track locations than paid apps, and more than three times more likely to access user address books and contacts.
"It's OK for a free app to check location if they want to advertise. That's reasonable. But what's not is not being transparent and clear [about necessary permissions], and not providing the end user with really good data to make decisions" on whether to download the app, (Juniper's Dan Hoffman) says.Juniper found that almost 7% of free apps can access address books, 2.6% can send text messages without the user knowing, 6.4% can make calls, and 5.5% can access the device's camera. And only a small fraction of the apps actually used the personal data they collected to target third-party ads.
Juniper also found that the worst offenders were cards and casino games apps (84% of those apps can use the device's camera, and 85% can text) and racing apps (99% can send SMS texts, 95% can place phone calls).
The full Juniper report is available here, and the full Bit9 study, here.
Source - More Than 25% Of Android Apps Know Too Much About You, DarkReading