I'm referring to reports breaking this morning -- here and here -- which claim that 20 per cent of the 48,000 apps in the Android market allow third-party apps to access your most sensitive information.
Some of the apps can make calls and send text messages without you, the user, knowing what happened, warns SMobile Systems in its Android market threat report. (Of course, SMobile Systems makes security packages for Android.)
5 per cent of Android apps can place calls to any number and 2 per cent let apps send unknown SMS messages to premium numbers that incur expensive charges.
Freedom to innovate. Freedom to spam, steal and scam smartphone people signing up to the Android army. I'll stick with an iPhone myself.
And it gets better.
Dozens of these Android apps -- and don't forget, there are 48,000 Android apps in all, with just under 10,000 risky ones -- are able to access the kind of data that spyware likes to grab.
When you run those apps, your email, email content, contacts, texts, phone calls, numbers and more are all at risk.
"The open-source architecture that drives Android phones and the abundance of application stores available for all smartphone devices have allowed developers to quickly create and post thousands upon thousands of new applications," says Daniel V. Hoffman, Chief Technology Officer for SMobile Systems in a company press release.
"As a result, applications are currently available that have the potential to cause serious harm to devices, customers and to the broader cellular network," he warns.
At issue is that key philosophical difference between Apple's curated approach to apps and Google/Android's welcome-to-everybody approach.
In theory the "Android community" is meant to police for rogue apps, but in practice the smartphone market isn't populated by incredibly tech-literate people who are able to spot a problem or figure out how to report it.
Cooperative open-source approaches to identifying and solving problems require a level of anarchistic self-determination and responsibility that is at a premium in the consumer markets.
Consumers expect to pay for things that work. They don't expect to have to become security experts just to make a phone call.
The threat means that, for most users -- particularly those who don't regularly sync their device with a computer and thus grab the latest updates -- there's a level of risk at the Android market that exceeds what you face at the App Store.
Just because you are getting your app from a known location like the Android market doesn't mean you can assume that the app isn't malicious, Hoffman told CNET.
With Android there's always a risk that one-in-five apps just haven't had their security properly vetted yet.
"It is important to note that electronic criminals, as a rule, will pick the easiest opportunities available when attempting an attack," the security researchers warn.
This comes down to an uncomfortable truth:
There are thousands of Android applications that grant access to personal information, location data, or access to services that could be misused.
Android users are downloading and installing these apps daily, and while Google spouts its open model as an advantage against the curated care shown by Apple, it isn't just the search giant that's accessing as much of your personal data as possible as you go about your life. Rogues are taking a hard look too.
By declining to curate its own App Store, Google is arguably failing in its duty of care.
How long until an Android user is affected by one of the many, many flawed apps? Who will they sue?
When it comes to the consumer markets, open isn't an advantage, but a liability.
This is Android's Achilles' heel.
Apple should use it.
And probably will.
But equally, it is possible the report's findings are flawed, a Google representative argued this morning. In a statement, the Android developer stressed it does indeed take security seriously, and said:
"This report falsely suggests that Android users don't have control over which apps access their data. Not only must each Android app get users' permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."