Smartphone security firm, Lookout, today released the findings of its second App Genome Report, based on an analysis of over 500,000 mobile apps across different device platforms and app markets. The results show that the Android Market is growing at a rate nearly three times faster than the Apple App Store. While these markets increase users’ access to apps, some also have a higher number of apps that could be repackaged with malware or illegitimate ad code.
Lookout found that the number of apps available in the Android Market increased approximately 127% since August 2010, while the Apple App Store grew at a rate of 44% during the same period. This coupled with the fact that the Android Market has seen the prevalence of paid apps go from 22% to 34% indicates the Android Market is maturing. In comparison, the proportion of paid apps for the Apple App Store went down slightly during the same period going from 70% to 66%. If apps continue to be developed for each platform at the same rate, the number of apps in the Android Market would overtake the number in the Apple App Store in mid-2012.
The Android Market may be adding new apps at a faster rate than the Apple App Store, but the App Store continues to have a significantly higher number of applications and attract a significant number of developers to its platform. According to the App Genome Project, the Apple App Store attracted nearly 23,000 additional developers between August 2010 and February 2011, whereas the Android Market attracted just over 4000 additional developers in the same time period. It’s also interesting to note that the average number of apps submitted per developer is 6.6 for the Android Market and 4.8 for the Apple App Store.
Apps on Both Platforms Continue to Access Sensitive Data
A significant number of apps in both the Apple App Store and the Android Market have the capability to access users’ location and contact information, although the Apple App Store has a higher percentage of apps with these capabilities. In the Apple App store, 11% of apps have the capability to access contacts and 34% have the capability to access location. In the case of the Android Market, 7.5% of apps access contacts and 28% of all apps access location. For both markets these percentages have decreased slightly over the last 6 months, which may be driven by an increased level of developer sophistication and a heightened awareness of privacy concerns amongst both users and developers.
Alternative App Markets Analyzed Offer Choice but Also Increased Risk
As the app economy expands, alternative markets are emerging for both platforms. The App Genome Project analyzed four alternative app markets and found that while these alternative markets increase users’ access to apps, they also can expose users to increased security and privacy risks.
Alternative Android App Markets. The App Genome Project analyzed two alternative markets for Android that target Chinese customers. While these markets serve a legitimate need for local apps, nearly 11% of the redistributed apps also available on the Android Market were found to be repackaged, or not submitted by the original developer. Of these, nearly a quarter request more permissions than the original app.
In December 2010, Lookout, discovered a sophisticated Trojan has coming from an AppStore in China that affected Android devices. The Trojan, which it named “Geinimi,” was able to compromise a significant amount of personal data on a user’s phone and send it to remote servers.
The additional permissions requested by repackaged apps include access to location, contact information, phone state, Internet access and the ability to make phone calls. Some repackaged applications found on the alternative markets could serve as a vector for illegitimate activities, whether it’s ad fraud (the inclusion of illegitimate ad code), piracy or malicious activities like bundling malware.
iPhone Alternative App Markets. In the case of iPhone, the alternative markets analyzed provide owners of jail-broken devices access to apps not available in the official App Store and to pirated apps. Not surprisingly, one of the markets analyzed primarily hosts pirated apps (88%). Lookout’s analysis indicated that these pirated apps titles represent 8% of the paid apps in the Apple App Store.
As the overall app ecosystem continues to evolve with the addition of new alternative app markets and continued growth in the competing platforms, Lookout expects to see an increasing number of threats to privacy and security. Lookout will continue to provide regular updates to the App Genome Project to monitor these changes.