Security Experts:

High-Risk Mobile Applications Thrived in App Markets in Late 2012

The number of high-risk apps in Google Android app stores jumped by 43.2 percent in the fourth quarter of 2012, with users in the U.S. having an average of 1.1 risky programs per device, according to a report by TrustGo Mobile.

In a new report, the firm analyzed 2.27 million applications found on 187 Android marketplaces worldwide. According to TrustGo, more than 1 in 5 applications (21.1 percent) available worldwide have high-risk code that can compromise users' personal data. Overall, the number of apps categorized by TrustGo as high-risk – not necessarily malicious - increased to 511,043 from 356,675 between the third and fourth quarters of last year.

"High-risk code is most often the result of unsafe and aggressive adware and ad networks," explained Jeff Becker, head of marketing at TrustGo. "These networks may collect private user data such as phone number and device ID and transmit it to  third parties who use it for unscrupulous notifications - e.g. those that look like system updates - or leverage unnecessary permissions that allow aggressive tactics such as modifying browser homepage, or put unwanted icons and apps on the device."

Many of the riskiest applications are games, according to the firm. Worldwide, more than 178,000 game applications have the high risk security rating – representing 44.5 percent of all such apps, according to the company.

The most risky marketplaces are China-based, with an average of 39.2 percent of apps flagged as malicious, high risk or "noisy", with noisy meaning they have the potential to annoy users with excessive notifications or advertisements. The riskiest major app market in China is the Anzhi marketplace, where 77.6 percent of all apps were classified by the firm as posing some risk to users.

The title of safest marketplace went to Aproov in Europe, which had just two percent of apps classified as malicious, high risk or noisy. Amazon was ranked the fourth safest, while Europe-based Handster and China-based D.cn ranked second and third, respectively. 

Google Play, which has a security mechanism known as Bouncer to police the marketplace for malicious applications, was ranked fifth safest, with 8.4 percent of apps being considered risky.

The report from TrustGo comes after research from Kaspersky Lab released in November revealed that 28 percent of all mobile devices attacked by malware in the third quarter of 2012 were running Android OS version 2.3.6, known as 'Gingerbread'.

When it comes to what's on users' devices, TrustGo found that mobile users in India were at the most risk. On average, those users have three high-risk applications on their devices. Chinese users had the second most, with 2.4 per device. The lowest amount was in Japan, where there were .8 high-risk apps per device. 

“Malware continues to be a problem around the world, but the real growth is happening in a category of apps we call ‘High Risk’,” said Xuyang Li, founder and CEO of TrustGo, in a statement. “These apps do not include malware in the conventional sense, but they are capable of a wide variety of behaviors that put users in danger."