Lookout unveiled the App Genome Project, an ongoing effort to map and study mobile applications in order to identify security threats in the wild and provide insight into how applications are tapping into personal data and accessing other phone resources.

The App Genome Project has already scanned nearly 300,000 applications, and fully mapped nearly 100,000. Early findings show differences in the sensitive data that is typically accessed by Android and iPhone applications and a proliferation of third party code in applications across both platforms.

Results found that applications on Android are generally less likely than applications on iPhone to be capable of accessing a person's contact list or retrieving their location, with 29% of free applications on Android having the ability to access a user's location, compared with 33% of free applications on iPhone . Additionally, nearly twice as many free applications have the capability to access people's contact data on iPhone (14%) as compared to Android (8%).

The App Genome Project also found that a large proportion of applications contain third party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers. This third party code is generally for advertising or analytics. The project found that 47% of free Android applications included this third party code, while that number is just 23% on iPhone . Third party code is difficult to globally update and creates potential cross platform vulnerability.

At the Black Hat security conference this week, Lookout security researchers will release the full findings from the App Genome project and also demonstrate new vulnerabilities caused by inadvertent developer practices and platform issues.

Mapping the Apps

Beginning earlier this year, the App Genome Project has mapped free applications available in both the Android Market and iPhone App Store. By automatically examining the components that make up mobile applications, the project is able to determine what mobile applications are capable of doing when people install them. By combining this real time application analysis with an understanding of platform issues, Lookout security researchers are able to rapidly identify applications that are either unintentionally or intentionally creating security risks for users.