Bitdefender: Free apps are the 'equivalent of [smartphone] spyware'

We all know that free apps are almost never truly free and that most of them are monetized with ads inside the app itself. But according to the security and antivirus company Bitdefender, we grossly underestimate how much these apps really cost.

In a recent report, Bitdefender named free apps the “equivalent of spyware” because users unknowingly hand over a lot of personal information when installing them. Bitdefender looked at iOS and Android apps targeting more than 500,000 free applications. The research revealed that there’s little difference between the two operating systems when it comes to the user’s privacy. As for the apps themselves the results are somewhat alarming.

About 45 percent of the iOS apps that were looked at had location tracking capabilities, with 35 percent of Android apps also featuring this capability. And while this may not sound too bad, here’s where the scary part starts: 19 percent of iOS and 8 percent of Android apps have the ability to look at the user’s contact list.

Somewhere around 9 percent of Android apps have a chance to leak the device’s phone number to third-party advertisers, while 15 percent may leak the device ID. Apple has phased out the apps’ ability  to check the Device ID since iOS 5 was released.

Targeting users with ads is nothing new but Catalin Cosoi, chief security strategist at Bitdefender, says that this process is a much more insidious one on smartphones. “On mobiles, advertising frameworks can learn your communications habits, friends, friends' contacts, location and – more frequently – all of the above at the same time,” he added.

And the real problem here is that folks either don’t even know this is happening or that many didn't realize they've actually agreed to this when they downloaded the application.

Source: ITProPortal | Image via Capmac

Report a problem with article
Previous Story

Statcounter June 2013: Google Chrome reigns supreme, IE comes in second

Next Story

Will Steve Ballmer pull the trigger on Microsoft's reorganization Thursday?

25 Comments

Commenting is disabled on this article.

The most surprising thing about this news is that Anti-virus itself a spy-ware. There's no such free info or ads or app or antivirus. They always updated their database with user info for the god sake who knows what.

"Please update your user database on our server" - AV, in return they give that user a protection against others.

l'm afraid it's a win-win situation there.

Well done, Nice camouflage! Gotcha!

Shaharil Ahmad said,
The most surprising thing about this news is that Anti-virus itself a spy-ware. There's no such free info or ads or app or antivirus. They always updated their database with user info for the god sake who knows what.

"Please update your user database on our server" - AV, in return they give that user a protection against others.

l'm afraid it's a win-win situation there.

Well done, Nice camouflage! Gotcha!


I would understand that only if the os offers full permission control will there be a perfectly scured environment.

OS shall alert when apps is going for a certain permmision, users can choose to accept or reject, for this time or forever. If apps crash without the permission, users can make the os provide a blank database, declearing there's no photo in album, theres no lines in the contact, failed to locate, or the IMEI is 00000000000 etc.

Oh i think the above will never come true.

I take issue with the last statement in the article:

"And the real problem here is that folks either don't even know this is happening or that many didn't realize they've actually agreed to this when they downloaded the application."

On both OS'es this is not the case... In Android, the user is warned of the app permissions at the time of installation. Granted, once agreed to, the user has NO way of preventing it down the road. In iOS, the OS can warn you when an app is trying to access your Contacts, Camera, Location Services, which makes this a lesser issue on Apple devices.

Authors need to do more fact checking, seriously!

I think a lot of people wouldn't know/care about permissions, and would just want to hurry up and download their fart app.

-=MagMan=- said,
I take issue with the last statement in the article:

"And the real problem here is that folks either don't even know this is happening or that many didn't realize they've actually agreed to this when they downloaded the application."

On both OS'es this is not the case... In Android, the user is warned of the app permissions at the time of installation. Granted, once agreed to, the user has NO way of preventing it down the road. In iOS, the OS can warn you when an app is trying to access your Contacts, Camera, Location Services, which makes this a lesser issue on Apple devices.

Authors need to do more fact checking, seriously!


iOS really does not care about cameras. I've came across an app that taking spy shots is the only thing it does. I saw no alarts when apps are obtaining my cam (via no sys api). When mic obtained the status bar turns red, this is good, but for fullscreen apps the status bar is hidden lol. And, since all apps has the accessibility to the internet, this bugbshall be really worring.

well everyone of EA's iOS games have "usage data collection" turn on BY DEFAULT. how's that for paying to get spied on. and my credit to EA, they actually made it pretty NOT obvious for those idiots who buy and download their games to find the toggle switch to turn it off.

This is why I like iOS's privacy controls. An app doesn't get access to your contacts, location, etc until you explicitly allow it.

Brian M said,
This is why I like iOS's privacy controls. An app doesn't get access to your contacts, location, etc until you explicitly allow it.

iOS privacy controls isn't perfect. There are many apps I believe has hidden tracking users have no control over.

So, what it I don't have these free apps installed and a bunch my contacts have?
So technically these ad-vertisers have my phone number (as well), since I'm listed in my friends phone....

well zombies be like "spy on me, spy on me. I have nothing to hide". If you don't care does not mean majority doesn't. This is intrusive in itself and is the same thing of the ill hated spyware on Windows.

coderchi said,
well zombies be like "spy on me, spy on me. I have nothing to hide". If you don't care does not mean majority doesn't. This is intrusive in itself and is the same thing of the ill hated spyware on Windows.

I'm not saying 'spy on me, spy on me i have nothing to hide' considering the nature of some of my texts i'd say i certainly do have something to hide... i have lots of 'personal' stuff on my phone that i wouldn't broadcast.. but i just fail to see what these companies can physically do with that data...

Are they following me around noting where i am, gathering more information trying to steal my identity or something? the most they'll be selling geographical location, interests, maybe age, gender, and number to advertising companies? It's all riveting stuff but it's hardly worth smashing a tin foil hat over your head is it?

ZOMG! Someone might actually target me with advertising of something i might actually want.. how will we all sleep at night.....

What i find annoying is (on Android anyway) you can see a list of all the permissions an app will have, yet you have no option to deny that app a certain permission if you wish.

The MIUI custom rom i used back on my HTC Desire could do this i believe, sadly its not a standard feature. I would personally welcome users having the ability to say no to permissions.

Indeed. This would be great if possible on standard Android installs, although I imagine that a lot of apps would start to crash frequently if it was introduced suddenly.

Choose free apps with common sense. I have some great free apps on Android that didn't need any permissions. I've been on Android for two years, and haven't had an issue with spyware/security.

68k said,
Choose free apps with common sense. I have some great free apps on Android that didn't need any permissions. I've been on Android for two years, and haven't had an issue with spyware/security.

I've used Android for many years and never had any issues myself. It would just be a nice feature to have. For example its not a massive issue but i really don't think Angry Birds needs to know my "approximate location".

InsaneNutter said,
What i find annoying is (on Android anyway) you can see a list of all the permissions an app will have, yet you have no option to deny that app a certain permission if you wish.

You are not alone. Windows Phone does this as well.