The BBC has created a malicious app for smartphones in a bid to prove just how easy it is for cybercriminals to build software to steal data from handsets.

The malicious app, which took the form of a "crude game", was created in conjunction with Chris Wysopal, co-founder of security firm Veracode, and used parts from a number of software toolkits freely available on the web to developers that want to create apps for smartphones.

It allowed the corporation to spy on the owner of the handset, tracking the user's locations and their contacts list. It was installed on just one handset and not released to the public.

Wysopal told the BBC it's difficult for app store providers, such as Google and Apple, to identify malicious apps because genuine apps also need to access contact lists and locations.

"That's kind of the scary thing," he said.

"The face of the application, be it a game or a simple application that is for fun, can have behaviour that is not visible at the surface."

Wysopal said smartphones were now at the point the PC was in 1999, when malicious programs were simply a nuisance rather than a tool used to fraudulently obtain money.

"Mobile phones are really personal devices. You might have one computer for a family but every family member has a personal device and it is with them all the time."

Con Mallon from security firm Symantec said smartphones do pose a greater risk for the potential exploitation and invasion of an individual and their identity.

"The smartphone is a truly personal device. The fact that it also has a camera and a microphone provides two new vectors for hackers to exploit people," he said.

"There is an explosion in apps and Android is growing really fast, but who is vetting these apps? If you install an app on an Android device you are confronted with a number of screens pointing out that the app will have access to your smartphone. People do not understand what is going on and, for the moment, they don't really care."

Smartphone owners were advised to identify the developer of the apps before they download them, as well as backing up their handset to a PC and monitoring their bills.