The Angry Apps Saga
Earlier this week, The Guardian published its most recent Edward Snowden leaks, which allege that the NSA is able to collect user data from cell phone apps, such as Angry Birds. However, it should come as no revelation that these excessively intrusive cell phone apps are risky.
Last year, Zscaler published research, identifying that at least 20 percent of Google Play Store apps are classified as adware, due to their excessive permission requests.
Some of the excessive permissions requested by mobile apps include:
- The ability to read and send SMS messages;
- The ability to read and write bookmarks;
- The ability to read contacts;
- The ability to make phone calls.
Rovio, the publisher of Angry Birds, has denied any direct involvement with the NSA, but the fact remains that the excessive permission requests of mobile applications make them a target for the NSA. Which raises the question, if the NSA has been able to crack these apps to access the treasure trove of data they contain, can the bad guys be far behind?
Zscaler Vice President of Security Research Michael Sutton spoke with Bloomberg News about the security risk of third-party application permissions, noting that 96 percent of the top 25 social-networking apps request e-mail access, 92 percent ask for access to users’ address books and 84 percent inquire about their physical locations.
Of course, most user give permission to these apps without a second thought.
Stay tuned to research.zscaler.com for an in-depth analysis of mobile application permission later this week.