He did not speculate on the motivation of the developer, but said many security issues arise because of developer oversight and are not necessarily malicious. For instance, Citibank said Monday that it had plugged a hole in its banking iPhone app that was inadvertently storing customer account data on the phone.
"We can find apps that leak information to logs and find if a malicious app is trying to read logs and slurp information from your phone," said Kevin Mahaffey, chief technology officer at Lookout.
In its analysis of free apps on the Android and iPhone marketplaces, Lookout found that fewer Android apps are able to access a person's contact list or retrieve location information compared with iPhone apps, while nearly twice as many iPhone apps can access contact data compared with Android.
Meanwhile, many apps contain third-party code that can interact with sensitive data in ways that mobile phone users and developers may not understand. This can happen when a developer cuts and pastes code designed for use for advertising or analytics, a situation that was found in 47 percent of free Android apps and only 23 percent of iPhone apps, Mahaffey said.
He could not say which of the two platforms--the "curated" iPhone model or the open Android model--had fewer malicious apps or was more secure.
"There is a big gray area," he said. "A number of apps that are leaking personal information onto some server may not be malicious but they certainly have an impact on your privacy."