Skip to main content

McAfee Study Reveals Abuse of Mobile App Permissions

Press Release   •   Jun 27, 2013 11:12 +08

Singapore, June 27, 2013 – McAfee today released the results of its Mobile Security: McAfee Consumer Trends Report – June 2013, which reveals new ways that cybercriminals abuse app permissions to commit fraud and install malware.  The report also shows that games are the most common form of malware-infected app.


McAfee Labs found that under the camouflage of “free” apps, criminals are able to get consumers to agree to invasive permissions that allow scammers to deploy malware. The permissions in free apps, funded by adware, leak personal information which ad networks use to serve targeted ads; however, McAfee found that 26 percent of apps are likely more than just adware. SMS scams and rooting exploits were among the most popular types of threats seen across a variety of apps.


“Privacy when downloading apps is often overlooked by consumers, and most fail to even understand the permissions they are agreeing to,” said Stephan Perchard, Vice President, Consumer and Mobile, Asia Pacific, McAfee. “This allows cybercriminals to abuse app permissions and deliver mobile malware efficiently. Mobile consumers are unknowingly letting their personal and private information slip into these cybercriminal’s hands, opening up endless doors for scammers.”


Premium Rate SMS Scams: A Pricey Problem

The report examines Fake Installer, a piece of SMS malware disguised within a free app that sends up to seven messages. At a typical premium rate of $4 USD per message, that “free” app can cost up to $28 USD as the malware tells a consumer’s device to send messages to or receive messages from a premium rate SMS number.


Bogus App Ratings: Read between the Stars

The report analyzes FakeRun, malware that tricks users in the United States, India, and 64 other countries into giving an app a five-star rating on Google Play. Once an app developer has been rated highly, other apps they publish will be trusted, which creates more opportunities for a criminal to publish and distribute malware-carrying apps.


Malicious Apps by Category: Games Top the List

The report also identifies the most popular apps that carry malware. Of the top 20 downloads of malware-infected apps, games won the popularity contest, followed by personalization and a tie between tools, music, lifestyle (a cover category for adult content) and TV.



This report draws on several data sources. The McAfee Labs Global Threat Intelligence database, which provided stats on prevalence of mobile malware, is built through data collected by McAfee Labs directly, through collaboration with third party researchers, and from data collected anonymously from McAfee product users. McAfee conclusions about app sources are based on the data collected directly by our McAfee crawlers (for the zoo figure) or by scans of downloads performed by users of McAfee Mobile Security.


For a full copy of the Mobile Security: McAfee Consumer Trends Report – June 2013 with additional threats, please visit: .

About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe.

About Precious Communications

Our focus is on Corporate Communications, Crisis Management, Reputation Management and Social Media. Combining a clear business-oriented approach with a focus on measurable results, our network of experts helps brands tell their story and tie directly into their overall communications objectives.

We are run out of Singapore and serve clients in Asia Pacific and beyond through our strong links to Europe and North America.

Comments (0)

Add comment


Agree With Privacy Policy