Trend Micro says 22% of malicious apps leak user info

Thursday July 04, 2013,

3 min Read

According to Trend Micro’s latest findings 293,091 apps were found to be malicious and of these 68,740 were found on the official Google Play store. Around 22% of these malicious apps were found to leak information about the user.


Trend Micro

While not inherently malicious, adware can be abused by cybercriminals for their own gains. Adware not only uses aggressive advertising tactics such as persistent notifications, but also collects information about the user. This could be construed as a violation of the user’s privacy. Trend Micro has also predicted that malicious and high-risk Android apps will hit 1 million sometime this year.It is seen that shady developers are now taking advantage of Candy Crush, one of the hottest gaming apps in both social networks and Android.

Recently, Candy Crush grabbed the top spot from FarmVille 2 as the most popular gaming app on Facebook. This boost in popularity, however, has its perils. In particular, Candy Crush’s popularity made it the perfect target for dubious developers and cybercriminals who want to lure and profit from fans of the game – similar to what happened with other popular mobile apps and games like Instagram, Bad Piggies, and Temple Run in the past.

This is not the first time that certain suspicious developers piggyback on the popularity of Temple Run. Before it was even released for Android, Trend Micro noted fake versions made available on the Android Market, which Google immediately removed.

"It is common for suspicious developers and parties to use the name of popular apps as social engineering bait. As soon as new versions make headlines, expect that these guys are out there concocting their bogus versions, " said Sharda Tickoo, product marketing manager, Trend Micro India.

Trend Micro has thus far analysed more than 2 million apps, and here’s the brutal truth.

  • 293,091 Apps classified as outright malicious and a further 150,203 classified as high risk. It took Microsoft Windows 14 years to attract this volume of malicious code!
  • Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play. It’s not just Chinese and Russian app stores.
  • 22% of apps were found to inappropriately leak user data, over the network, SMS or telephone. The leaked data most often includes IMEI, ICCID, Contact data and telephone number. A few apps were even found to leak data using the microphone and camera (along with several other kinds of private data).
  • In addition, 32% of apps were classified as “Poor” in terms of battery usage, 24% “Poor” for network usage and 28% for memory usage.