Black Hat: App Genome Project to root out mobile security threats

The App Genome Project will highlight the dangers of mobile phone apps

Mobile security firm Lookout is to showcase its App Genome Project at the Black Hat 2010 conference in Las Vegas this week.

The company claims that the project will become the largest mobile applications dataset ever created, and will identify security threats and look at how applications access personal data.

Lookout said in a blog post that 33 per cent of free iPhone apps, and 29 per cent of free Android apps, can access the user's location, while eight per cent of free Android apps, and 14 per cent of free iPhone apps, can access the user's contact information.

The company also found that 23 per cent of iPhone apps include third-party code, as opposed to 47 per cent of Android apps.

Lookout also intends to increase awareness of the threat posed by what it calls "mobile data leakage" at the Black Hat 2010 conference.

"This occurs when developers inadvertently expose sensitive data in application logs in a way that makes it accessible to malicious applications," the firm said.

"In one instance of this vulnerability, Android was releasing user location data into logs in a way that made it accessible to other applications. That vulnerability has been addressed by Google and is fixed in all versions of Android 2.2 and beyond."

Developers will also be made aware of best practices for accessing, transmitting and storing users' personal data, Lookout said.

Mobile platform security continues to be a major issue as people increasingly turn to devices such as smartphones to carry out day-to-day activities such as banking.

Security flaws will continue to occur with the influx of apps into the Google and Apple stores, according to Lookout.

Citigroup was recently caught out by a security flaw in its US Citi Mobile iPhone banking app, which had saved the personal information of thousands of customers.

However, Citigroup said there was no evidence of any user information being compromised, and the security flaw has been patched.

Even iPad owners had their details exposed last month after a major security lapse by US carrier AT&T.