On Mon, Aug 6, 2012 at 5:04 PM, Adrienne Porter Felt <[email protected]> wrote: > > On Mon, Aug 6, 2012 at 2:58 PM, Jonas Sicking <[email protected]> wrote: >> >> I also believe Adrienne had done some analysis of Apps in the Android >> app store which use SMS and found that a scarily large percentage used >> it for non-great purposes. > > > That's not exactly what our data shows; it's not that most apps that request > SMS are malware, but rather that most apps that are malware request SMS. > However, I would agree that the value added by SMS is low but the risk is > high. Here's the data I've got: > > 2.934% of Android apps request the SEND_SMS permission. > By our estimation (manual review of apps), only 0.8% of all apps need the > permission; the remainder could use a built-in SMS widget like in iOS > without any loss of functionality. > 73% of malware requests this permission. I believe this % has increased > since I measured it last year. > The privilege ranks in the top 5 most concerning to users (because of its > ability to spend their money.
Ah, thanks. I love data like this! I'd recommend that we implement the ability to use WebActivities to bring up the SMS app with a prefilled number and body. Seems like that will get us in the order of 99% of all apps with very little risk to the user. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
