• by Ben Frederick  @mp_benfred, December 18, 2015

As is the case on the Internet, where it’s common knowledge in certain circles that religious sites contain more malware than porn, a similar trend appears to be true for religious apps on mobile devices.

Proofpoint, a California-based SaaS company, recently analyzed 38,000 iOS and Android apps of many different categories. The company found that free versions of holy books tended to not have privacy policies and contain a high degree of “riskware,” along with gambling apps and flashlight apps.

Of the 5,600 Bible apps analyzed, 208 contained known malicious code and 140 classified as “high risk” based on their behavior. Those that were at risk could be found on the Android platform, which makes sense, as Android is much less stringent about what gets put up in their app marketplaces.

Proofpoint reports that one of the most popular Bible apps sends data to sixteen servers in three different countries, reads the user’s SMS messages, address book, and device and phone information, tries to exploit cross-app interaction if the device is rooted, and can even make phone calls. Information gleaned from this malicious code is often shared on various ad networks.

Apps based on the Quran also had an elevated risk of fraud, and the Torah had the lowest risk of malicious code, though it also had fewer options available for download.

“The surprising prevalence of riskware in religious texts’ apps provides further evidence that mobile users — and their employers — need to be far more security-conscious,” states Kevin Epstein, VP of threat operations at Proofpoint.