Of the 412,222 Android apps evaluated from Google Play, Bit9 says more than 290,000 of them access at least one high-risk permission, 86,000 access five or more and 8,000 apps access 10 or more permissions "flagged as potentially dangerous." It defined risk level according to relative degrees of privacy intrusion and the app's feature set, perhaps the ability to wipe devices or change systems settings.
The study also included a survey of 138 IT professionals responsible for mobile security for over 400,000 users in their organizations. It found:
* 78% think phone makers do not focus enough on security, but 71% allow employee-owned devices to access their organization's network.
* Only 24% deploy some form of app monitoring or control to grant visibility into employees' devices.
* 84% feel Apple iOS is "more secure" than Android and 93% of respondents allow iOS to access their network. Only 77% allow Android devices, and in something of a surprise, 13% say they allow rooted Android or "jailbroken" iPhone devices onto their networks.
* 96% allowing personal devices also allow employees to access email using the device, while 85% allow access to company calendar data.
The potential for trouble in all this, according to Bit9, is that apps that can access all this user data could become the open door for hackers to exploit in the future.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.