Andrew Brandt is the director of threat research at Blue Coat. He's also the victim of an aggressive advertising mobile app.
A few months ago, the Android enthusiast downloaded a game promoted by Amazon as the free app of the day. "I didn't really think anything of it, but after I ran the game, strange things started happening on my phone," he explained via email.
For example, notifications began appearing for things not installed on his phone. "Then within about 30 minutes of installing, playing, and then putting the phone away, I received a text message confirmation that I had subscribed to some sort of paid SMS service for $5.99 a month," he said.
"Of course, I hadn't subscribed to the service," he said. "In fact, I hadn't even sent an SMS message myself the entire day."
What happened? Brandt had given the app permission to send SMS messages when he installed it -- ostensibly, so he could share high-scores and other content about the game with friends and other players. But the app abused the privilege and sent an SMS message, using a method outside the normal messaging app on the phone to auto-subscribe him to the premium service.
Brandt's case was quickly remedied by his carrier and Amazon immediately pulled the app from its online store. But the problem of mobile apps sticking their binary noses where they ought not to is growing. And according to a study by Bitdefender, it's an affliction significantly affecting both the Android and iOS worlds.
After analyzing more than half a million free apps on both platforms over the last year, Bitdefender found "applications are equally invasive and curious on iOS as on Android, even though one may argue that one of the operating systems is safer."
The study suggests that the "Walled Garden" Apple has erected around its mobile ecosystem may have some cracks in it. "Surprisingly enough, iOS applications matched the ones written for Android," Bogdan Botezatu, a senior e-threat analyst with Bitdefender, said in an email.
"Advertisers' main goal is getting hold of user data regardless of platform, and would often go as far as the platform allows them to go," he said.
For instance, more than 45% of iOS apps contain location-tracking capabilities, compared to about 35% for Android apps, the study noted.
Bitdefender found that 7.69% of Android apps could access contacts stored on a phone, and 18.92% of iOS apps did the same thing.
Although a portion of the Android apps could leak device IDs, email addresses and phone numbers, Apple has plugged those holes in its ecosystem.
About 15% of Android apps may leak device IDs about a handset, the Bitdefender study said, while almost six percent may leak email and more than eight percent may leak phone numbers.
Sign up for Computerworld eNewsletters.