Extra, added Android apps from phone makers can be security risks

Nov. 6, 2013 at 7:19 PM
share with facebook
share with twitter

RALEIGH, N.C., Nov. 6 (UPI) -- Free apps often installed by smartphone makers and wireless providers to customize their Android phone offerings can be security risks, U.S. researchers say.

In order to differentiate their offerings from the competition, vendors are unnecessarily introducing a host of potential security issues that don't seem to be improving over time, computer scientists at North Carolina State University reported.

They said they looked at pre-installed apps on flagship phones from Google, HTC, Samsung, LG, and Sony, analyzing the number of pre-installed apps, which permissions they have, and whether they contain any vulnerabilities.

In total, the devices had 1,548 pre-loaded apps, 82 percent of which were added by vendors to customize the device, ZDNet reported Wednesday.

The biggest problem from a security perspective, the computer scientists said, was that they behaved badly; 86 percent of all pre-loaded apps requested more Android permissions than they actually use, which they term as "over-privileged."

All vendors performed poorly in this, the researchers said.

Even when possible security risks represented by over-privileged or vulnerable apps are identified, Android smartphone makers are slow to release security patches and then only for some of their devices, the researchers said.

Related UPI Stories
Topics: Google
Trending Stories