In a study conducted by security research firm Zscaler, 28% of Android apps request permission to read old SMS logs, while a whopping 68% request permission to send SMS messages from your phone. They also found that 36% of apps request GPS permissions, while over 46% request access to the “phone’s state”, allowing the app to gather information related to the SIM card, IMEI number, serial number and more. For the study, Zscaler analyzed over 75,000 apps from the Google Play store and logged the requested permissions from each app. Being a security firm, Zscaler considers SMS and GPS related permissions to be the two most “high risk” permissions to grant access to, with “device information related permissions” landing sixth on the list.
For apps that require address book permissions, 98% of apps require access to read the address book, where as 54% require access to create contacts.
Zscaler found that 80% of apps request “network discovery permissions”, which allows the app to determine which type of network the device is connected to, such as 4G LTE, HSPA+, 3G and so on. 90% of apps request internet access, which is no surprise considering even To-Do list apps ask you to sign-in and create accounts.
This is a serious concern for Android users, as Google becomes more lax with what apps can and cannot access, malicious developers could become more attracted to the Android platform to breed attacks. For the full report, check out Zscaler’s blog.