Microsoft Subnet An independent Microsoft community View more

What apps sell or steal your data or take over your phone? PrivacyHawk can tell you

30% of free mobile apps capture and sell personal info from your phone, but a free app dubbed PrivacyHawk can identify risky Android apps that leak, sell, or steal your personal data, as well as those that can take over your phone.

PrivacyHawk for Android
Credit: Marble Security

Did you know "the U.S. accounts for more than 42% of the world's most dangerous mobile apps targeting non-jailbroken and non-rooted devices? These apps aren't found on shady third-party stores—they're found right in the trusted Apple App Store and Google Play—putting the everyday consumer at higher risk for privacy violation than they likely realize." That's just one nugget from Marble Security's threat stats after the firm's analysts, cryptographers, and cybercrime specialists analyzed over 3.5 million iOS and Android apps from more than 650,000 publishers. They scored each app "against 1,000 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe."

Apps that leak your personal info can of course compromise your privacy. "This poses a threat to you, your personal contacts, and any company or financial institution you do business with," according to Marble Security. "The scary fact is that nearly 30% of all those free mobile apps that smartphone users love actually capture and sell your contacts, text messages, Web browsing histories, and photos. App developers earn money two ways: charging for their app or selling your sensitive data."

The company now offers Android users a free mobile privacy and security app dubbed PrivacyHawk. Besides detecting malware and viruses, it detects apps that steal private info; it analyzes and scores the apps you have installed on your device in order to show you the privacy-leaking and dangerous ones.

PrivacyHawk app Marble Security

After scanning your phone, PrivacyHawk sorts your apps into "safe" or "privacy watch." The risky apps show up in a list under privacy watch. Tapping on an app in that list takes you to the app scan report, which lists risk score, risk summary, and risk details mapped to show you where the app sends your data and to whom your info could be leaked or sold. If you decide to uninstall an app, simply shake your phone to rescan your apps.

PrivacyHawk mapping where your data is sold or leaked Marble Security

So I tried it out and had no app rated as "dangerous," but I was surprised to see Firefox listed near the top under "privacy watch" with a risk score of 5.68.

Here's another example from my phone that had me wondering just how badly I actually need to be able to scan documents with my phone instead of using paper copies. CamScanner, a phone PDF creator which has 10 to 50 million installs, was rated by PrivacyHawk as having a 6.19 composite app risk and a 7.55 publisher risk. The map is a good visual of where the app sends my data and to whom my info could be leaked or sold. Can you say uninstalled immediately?

PrivacyHawk report on CamScanner app

Since Belkin engineers previously explained WeMo app permissions, some of which seemed to require excessive or questionable access, I was curious as to what PrivacyHawk had to say about the WeMo app.

PrivacyHawk analysis for WeMo Android app

The risk summary for the WeMo app would not fit on one screen, so as not to repeat the page one summary, the right column of "new" risks start at the arrow.

PrivacyHawk risk summary for Wemo

"With little thought to the consequences, smartphone users casually give sweeping permissions to mobile apps to upload and use private information stored on their devices," said Dave Jevans, CEO, chairman and CTO of Marble Security. "What they do not understand is that once uploaded, personal data is frequently sold to advertisers around the world. That data, in turn, can be easily stolen or purchased by cybercriminals, hackers, hostile governments and aggressive advertising networks to mount highly targeted phishing and social media attacks. The stolen, or more accurately 'gifted,' personal information poses a threat to the users themselves, their personal contacts, their employers and any companies or banks with which they do business. We developed PrivacyHawk as an effective tool for mobile users to check on the apps they download and identify those that abuse personal data, or worse, still actually contain malware."

Since the Android version of the PrivacyHawk app just launched, I've only played with it today and can't give you much more info than I have. So far I like it, but the map was a bit tricky on my phone when trying to tap on the dots to see where precisely my data was being leaked or sold. At any rate, I pretty much kicked most of those apps to the curb. Ironically, PrivacyHawk requires many permissions and grants a lot of access, but most security apps want to go deep.

PrivacyHawk permissions Google Play

You can read more about the app on Marble Security, Google Play, or the PrivacyHawk data sheet (pdf). The security firm's website says PrivacyHawk is coming soon to Apple's App Store.

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.