Symantec researchers have identified an alarming percentage of apps that collect and send valuable personal information to app developers. Earlier this year, Symantec began beta technology trials to experiment with scanning Android apps prior to download for vulnerabilities and privacy risks using a proprietary tool, Norton Mobile Insight. Our technology found intimate personally identifiable information (PII) such as a device’s phone number, usernames, passwords, calendar details, call log information, and even pictures and text messages, are regularly accessed by apps that may not have reason to do so. Shockingly, almost one-third of apps scanned by Norton Mobile Insight leak SIM card information such as address book details, mobile PIN numbers and call history. Additionally, roughly 13 percent (or nearly 2M apps) of Android apps scanned by Norton Mobile Insight send a user’s phone number off the device.

Newly released Symantec research[i] indicates that most consumers worry about these types of mobile app security and privacy risks. However, the findings suggest consumers are their own worst enemies when it comes to mobile privacy. Most consumers unknowingly – sometimes even willingly – put personal information at risk, compromising their own privacy. In fact, the study found that many of those who worry the most about mobile privacy are the least likely to take precautions to protect themselves—all  in exchange for free app downloads.

Do consumers really know what they are downloading?

To understand how consumers perceive security and privacy risks created by mobile apps, we surveyed more than 6,000 people in nine markets around the world (survey report available for download here). What we discovered regarding consumer perceptions in comparison to our Norton Mobile Insight data was eye opening:

• Our global consumer survey indicates that the most enjoyable app activities include playing games (55 percent), listening to music (50 percent) and watching videos (41 percent), while the Norton Mobile Insight findings indicates the “free” apps that consumers download for entertainment present the greatest risks including the highest incidence and severity of privacy infringements.
• Seventy percent of respondents report being most worried about securing financial information and passwords/usernames, while Norton Mobile Insight findings show that these are some of the most protected data classes on smartphones. Conversely, more than 1/3 of global respondents would readily give up their physical location details for a free app.
• Two in five respondents do not worry at all about getting a virus on their smartphone. One in four admit they don’t really know what they agree to when downloading an app. In reality, mobile security risks are growing rapidly. Known mobile malware families increased 69 percent and known mobile malware samples increased fourfold from 2012 to 2013.
• The majority of respondents worry about getting a virus on their smartphone; however, those concerned users are also more willing to allow apps to use battery life, control data usage, and access contacts, fitness information and photos – much more so than users who aren’t concerned with getting viruses.  
• Ironically, those that worry about getting a smartphone virus think they understand app permissions but in reality, these people are nearly as uninformed as those that do not worry.

(Note: Chart includes U.S. comparisons only)

Central to this issue, consumers fail to read end-user license agreements (EULA) or don’t necessarily understand what they’re agreeing to before downloading apps. Many users fail to understand how they may be compromising their own privacy when accepting app permissions. According to our global survey: 

• One in four respondents is not aware that apps can modify browser bookmarks, access the phone’s camera and microphone, or send photos to the app developer. Almost half of respondents in all regions are unaware that apps can send physical location details.

• More than two-thirds of respondents do not realize that apps place notification bar ads while 20 percent of apps scanned by Norton Mobile Insight place these types of ads on mobile devices.
• The oldest respondents (ages 55 and up) seem to be more self-aware as the most likely group to admit to not knowing how an app can impact their smartphone.
• Millennials (ages 18 to 34) are more likely to assert that they know what information they are agreeing to provide, but score equally low in actual knowledge.

Practicing Safe Mobile Behavior

Today we’re taking a step toward empowering and protecting consumers by extending new mobile privacy capabilities to Norton Mobile Security and Norton Security. Norton now scans and identifies problematic Android apps before users download – an industry first for mobile security solutions.

In addition to proactive app scanning, Norton Mobile Security and Norton Security automatically protect mobile users by blocking fraudulent (phishing) websites, remotely locking a lost or stolen smartphone, locating a missing device, and enabling lost devices to snap photos and display customizable messages. 

In today’s connected world, mobile devices are more than mini computers in our pockets – they are digital warehouses storing our most personal moments and information, such as photos and videos, conversations with friends and family, health and fitness information, financial data and more.

A collection of safe practices to protect against today’s mobile threats can also be viewed here. You can also download an infographic highlighting key findings from our consumer mobile app survey here.

[i] Norton Mobile Insight is a proprietary intelligence tool that crawls over 200 app stores globally to determine and provide dynamic analysis of app behavior.