The Android Market's openness comes with a significant hitch: a full 20% of its app offerings can access and share your private data. Some can even make calls and send texts from your phone without your knowledge or consent. UPDATED:
The report, from security firm SMobile Systems, also found that dozens of apps in the Android Market act basically as spyware:
29 applications were found to request the exact same permissions as applications that are known to be spyware and have been categorized and detected as such by SMobile's solution. A full eight applications explicitly request a specific permission that would allow the device to brick itself, or render it absolutely unusable. 383 applications were found to have the ability to read or use the authentication credentials from another service or application. Finally, 3% of all of the Market submissions that have been analyzed could allow an application to send unknown premium SMS messages without the user's interaction or authorization.
Granted, 29 <a href="http://gizmodo.com/5523608/there-…">out of 65,000 is an extremely small percentage. And included in that alarming 20% figure are several apps with no malicious intent. As SMobile itself points out:
"Without question, a majority of these applications were developed with the best of intentions and the user data will likely not be compromised."
So yes, you should take the figure with a grain of salt. But it's still an important reminder that as the Android Market ecosystem grows, there'll be more and more predators to populate it.
UPDATE: Following is a statement from a Google spokesperson:
"This report falsely suggests that Android users don't have control over which apps access their data. Not only must each Android app gets users' permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."
[SMobile (pdf) via CNET]