A new study has found that mobile malware soared by more than 600 percent over the past year.
Juniper’s third annual report said from the 12 months from March 2012 the company found 276,259 mobile malware apps, up from 28,500 in 2011 and 11,000 in 2010.
Ninety two percent of reported malware targeted Android.
But Georgia Tech assistant professor Patrick Traynor said users should be more weary of apps that infringe privacy.
Apps that fail to provide clear indications to users of how they plan to use the data they collect – or how much data they collect in the first place – are the more “realistic” threat to the consumer, as well as companies that have embraced bring your own device policy.
In February, Traynor, along with a team of Georgia Tech researchers and Manos Antonakakis, chief scientist at security firm Damballa, found 3492 devices in a network of 380 million were infected with mobile malware – accounting for less than 0.0009 percent of the overall sample. (pdf)
Trail of Bits CEO Dan Guido said Android app developers should do more to provide privacy management options in their apps.
“Android users click through the privacy decisions they are asked to make to get access to the applications they want, then are given little to no tools to manage this access,” Guido said.
Juniper's report warned users should be less trusting of free apps which tended to collect more sensitive data than paid apps.
Free apps are three times more likely to track mobile users' location, and 2 1/2 times more likely to access their address books than purchased apps.
Symantec said a legitimate free Facebook Android app had a bug that caused users' phone numbers to be leaked without their knowledge.
More than seven million devices have installed the Facebook app, according to Google Play, the official app store for Android users.
The issue involved phone numbers being sent over the internet to Facebook servers, even before users login to their accounts.
Symantec said it reached out to Facebook, and the social networking site would provide a fix for the bug in the next Facebook for Android release.
Troy Vennon, director of Juniper Network's mobile threat center, told SCMagazine.com that the issue of data-exposing apps is worsened by the fact that less experienced developers sometimes use app toolkits as a reference point for their own apps. But these toolkits often request more information than is necessary from users.
In addition, the issue is exacerbated by users who simply fail to check the privacy policies or details of apps they agree to install, he said.
“They need to make sure they are looking at the permissions the app has,” Vennon said. “More times than not, [users] aren't really doing that."