MIA talk was to focus on Android developer mistakes

15.08.2011

Using SCURVY, the researchers analyzed more than 600 applications offering interfaces to more than 3,500 activities and found that 61 percent of the allowable actions did not impose acceptable security precautions on the use of their activities. For example, a version of the voice-over-IP program Skype could be exploited by other programs to make calls without notifying the user.

"The way to stop this is to apply appropriate permissions," Hassell says.

While the problems are not in Google's software, the company should seek ways to increase the security of third-party applications, he argues. Because third-party developers make up such a hefty portion of the software ecosystem, they need to be trained to write more secure code and their programs should be vetted, Hassell maintains.

"I think it is Google's responsibility to help developers make better security choices during application development," he says.

While avoiding details, Hassell said he found significant vulnerabilities in dozens of popular third-party applications on Android. Using the automated scanning engine, the issues are easy to find, he says.
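The class of mistake described above, an activity that other programs can start without holding any permission, can be checked for in an app's manifest. The following is an added example, not SCURVY's code (which the article does not show): it assumes the `AndroidManifest.xml` has already been decoded to text XML, and the sample manifest, package and permission names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def attr(elem, name):
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def is_exported(activity):
    exported = attr(activity, "exported")
    if exported is not None:
        return exported.lower() == "true"
    # Attribute absent: pre-Android 12 default is exported iff an intent filter exists.
    return activity.find("intent-filter") is not None

def is_launcher(activity):
    # The MAIN/LAUNCHER entry point must be exported, so it is not reported.
    for f in activity.findall("intent-filter"):
        actions = {attr(a, "name") for a in f.findall("action")}
        cats = {attr(c, "name") for c in f.findall("category")}
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
            return True
    return False

def unprotected_activities(manifest_xml):
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_perm = attr(app, "permission")  # default permission for every component
    return [attr(act, "name") for act in app.findall("activity")
            if is_exported(act) and not is_launcher(act)
            and not (attr(act, "permission") or app_perm)]

# Constructed sample manifest (hypothetical app), not taken from any real application.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.voip">
 <application>
  <activity android:name=".MainActivity"><intent-filter>
    <action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.LAUNCHER"/></intent-filter></activity>
  <activity android:name=".DialActivity"><intent-filter>
    <action android:name="com.example.voip.DIAL"/></intent-filter></activity>
  <activity android:name=".TransferActivity" android:exported="true"
            android:permission="com.example.voip.permission.TRANSFER"/>
  <activity android:name=".InternalActivity"/>
 </application>
</manifest>"""

if __name__ == "__main__":
    for name in unprotected_activities(SAMPLE_MANIFEST):
        print("exported without permission:", name)
```

In the sample only `.DialActivity` is reported: it is implicitly exported through its intent filter and neither it nor the `<application>` element declares `android:permission`.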