Study finds mobile applications requesting more permission than required

It is a well known malaise. Just as we don’t habitually read the fine print before signing up for a web service, there is general laxity while approving permissions for mobile applications (Apps) before downloading them on our smartphones and tablets.

A recent survey by Juniper Networks’ Mobile Threat Center, which analysed over 1.7 million Apps on Google Play market from March 2011 to September 2012, has shown that often several Apps request for permissions that are not central to what service they provide. This seems to come at the risk of privacy of those who download the Apps.

Writing about the findings, Juniper Networks chief security evangelist Dan Hoffman mentions in a blog post: “We found a significant number of applications contain permissions and capabilities that could expose sensitive data or access device functionality that it might not need. We also determined these apps had permission to access the Internet, which could provide a means for exposed data to be transmitted from the device. Of particular interest, free applications were much more likely to access personal information than paid applications.”

The contrast between paid and free Apps gets so strong that it makes on what exactly is the “cost” of such free Apps. According to the summary of the findings, free Apps are 401 per cent more likely to track locations than paid Apps and 314 per cent more likely to access one’s address books to acquire contact details. This problem is not restricting to merely unknown free Apps but also sometimes applies to very popular Apps. The Wall Street Journal has in the past exposed how some important popular services of the likes of Pandora, TextPlus4 or Path, have been caught exposing private information of App users to third-party sites.

Mobile Apps have increasingly become the de facto way users connect to the Internet and share details. Research firm Gartner predicts that the number of mobile apps downloaded will double to 45 billion this year, and their capabilities are only getting smarter.

Juniper Networks’ study also sounds a warning that the data being collected by some of the Apps might be getting to unknown destinations. “When looking at the disparity between free versus paid apps, there is a common industry assumption that free apps collect information in order to serve ads from third-party ad networks. While this is true in some cases, Juniper examined 6,83,238 application manifests and found the percentage of apps with the top five ad networks is much less than the total number tracking location [24.14 per cent].”

“This leads us to believe there are several apps collecting information for reasons less apparent than advertising.”