SAN FRANCISCO--(BUSINESS WIRE)--Lookout, the leader in smartphone security, today unveiled the App Genome Project, an ongoing effort to map and study mobile applications in order to identify security threats in the wild and provide insight into how applications are tapping into personal data and accessing other phone resources.
The App Genome Project has already scanned nearly 300,000 applications, and fully mapped nearly 100,000. Early findings show differences in the sensitive data that is typically accessed by Android and iPhone applications and a proliferation of third party code in applications across both platforms.
Results found that applications on Android are generally less likely than applications on iPhone to be capable of accessing a person’s contact list or retrieving their location, with 29% of free applications on Android having the ability to access a user’s location, compared with 33% of free applications on iPhone. Additionally, nearly twice as many free applications have the capability to access people’s contact data on iPhone (14%) as compared to Android (8%).
The App Genome Project also found that a large proportion of applications contain third party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers. This third party code is generally for advertising or analytics. The project found that 47% of free Android applications included this third party code, while that number is just 23% on iPhone. Third party code is difficult to globally update and creates potential cross platform vulnerability.
“The App Genome Project is an important step in securing our mobile phones against threats. With a real time database, we can quickly identify threats in the wild and swiftly move to protect consumers,” said John Hering, CEO of Lookout. “Early results point to the need for developers to be more aggressive about protecting consumers’ personal information, including what information is accessed, what is sent off the phone and how it is stored.”
At the Black Hat security conference this week, Lookout security researchers will release the full findings from the App Genome project and also demonstrate new vulnerabilities caused by inadvertent developer practices and platform issues.
Mapping the Apps
Beginning earlier this year, the App Genome Project has mapped free applications available in both the Android Market and iPhone App Store. By automatically examining the components that make up mobile applications, the project is able to determine what mobile applications are capable of doing when people install them. By combining this real time application analysis with an understanding of platform issues, Lookout security researchers are able to rapidly identify applications that are either unintentionally or intentionally creating security risks for users.
“The ability for applications to easily access personal data has opened up a world of possibilities for mobile applications, but also places a greater burden of responsibility on both developers and users,” said Kevin Mahaffey, CTO of Lookout and co-author of the study. “As we continue building the App Genome Project, we’re committed to providing the insight about mobile applications necessary to keep phones and sensitive information safe.”
Lookout is a smartphone security company dedicated to protecting people as they use their mobile phones. Lookout protects people from malware and spyware, provides data backup and recovery, and can locate a missing device if it is lost or stolen. Lookout’s unique cross-platform, cloud-connected applications are designed from the ground up to provide advanced protection for smartphones while remaining lightweight and efficient. With users across 400 mobile networks in 170 countries, Lookout is a world leader in smartphone security. Headquartered in San Francisco, Lookout is funded by Khosla Ventures, Trilogy Equity Partners and Accel Partners. For more information and to download the application, please visit www.mylookout.com.