The just-released report by mobile app security firm Appthority reviewed the top 50 free mobile apps at Apple’s App Store and Google Play, specifically the top 10 free apps across five common categories in each store.
The company’s analysis focused on particular ways the apps behaved in a test environment. These behaviors include sending and receiving data without encryption, location tracking, sharing data with advertising or analytics networks, accessing the user’s contact list or address book, and accessing the user’s calendar.
From there, Appthority identified what it says are the top security risks behind these mobile apps. The report found that the vast majority of free apps send and receive data to outside parties without encryption. Also, entertainment apps are the worst offenders when it comes to security risks with the highest number of apps that track for location and share data with advertising networks and/or analytics companies.
Other key findings:
- 79% of the top 50 free iOS and Android apps are associated with risky behaviors or privacy issues. Overall, iOS apps exhibited more risky behaviors than Android apps.
- While 14% of iOS apps had access to a user’s calendar, none of the Android apps had similar access.
- More than half of the total apps track for location by accessing the device GPS or using other location tracking methods.
Overall, iOS apps have more access to user data. The majority of iOS apps track for location (60%), share data with advertising or analytics networks (60%) and have access to the user’s contact list (54%).
But Android apps were not too far behind, half shared data with ad networks and/or analytics companies, and 42% tracked for location. However, substantially fewer Android apps had access to contacts (20%) and none of them accessed the user’s calendar.
“It’s generally perceived that Android devices are more ‘dangerous’ due to the increasing amount of Android malware. But in actuality, mobile malware infects less than one percent of apps,” the report stated.
“The real concern should be over how mobile apps are handling personal info and company data. In that respect, iPhones should not be considered any safer than Android devices. Any Internet-connected device can be put data at risk.”