In its report, Bit9 describes its methodology as crawling Google Play to collect detailed information about 412,000 mobile apps, including publisher, popularity, user rating, category, number of downloads, requested permissions and price.

Of the 412,222 Android apps evaluated from Google Play, Bit9 says more than 290,000 of them access at least one high-risk permission, 86,000 access five or more and 8,000 apps access 10 or more permissions "flagged as potentially dangerous." It defined risk level according to relative degrees of privacy intrusion and the app's feature set, perhaps the ability to wipe devices or change systems settings.

The study also included a survey of 138 IT professionals responsible for mobile security for over 400,000 users in their organizations. It found:

* 78% think phone makers do not focus enough on security, but 71% allow employee-owned devices to access their organization's network.

* Only 24% deploy some form of app monitoring or control to grant visibility into employees' devices.