A recent study by researchers at Pennsylvania State University and North Carolina State University has found that Android developers are careless with their code and are endangering users. The researchers studied the 1100 top free applications on the Android Market. They converted the applications back into a readable programming language, then checked through all twenty-one million lines of code. Some of the code was checked by computer, but the researchers manually checked any interesting code.

The study did not find any malicious applications, but it did find some worrying code. Many of the applications were able to read the IMEI (International Mobile Equipment Identity) number of the device and could transmit it across a network without requesting permission from the user. One in five of the top 1100 applications were found to be able to send the IMEI number of devices. Eighty applications that did just this were reported by Lookout around a year ago.

While applications may be able to send IMEI numbers, this does not mean they do. Not all code in an application is run. Also, developers can use third-party code, meaning they don't know every line of it. This means any application could potentially have the ability to send sensitive information, but very few actually do. Because developers may not know this code is in their applications, they obviously cannot tell their users, which makes things even more dangerous.

One major security risk involving IMEI numbers is the login details of the Verizon portal. All you need to log in to an account is the IMEI number and phone number of a device. Both of these details can be obtained by applications. It is actually possible to change the billing address for an account, purchase another device and have it sent to a different address with just these details.

This could be a major threat to users, and I wouldn't be surprised if Google were to produce a tighter User Privacy and Security policy.