Researchers demonstrated a malicious source-sink combination with an example.

"Your address book is read; hundreds of instructions later and without your permission an SMS is sent or a website is visited," said Erik Derr, who does research at the Center for IT-Security, Privacy and Accountability (CISPA) of Saarland University.

To identify a functional relation between source and sink, the computer scientists use new methods of information flow analysis.

As input they provide suspicious combinations of accesses on the application programming interface. As the software needs a lot of computational power and storage, it runs on a separate server.

"So far we have tested up to 3,000 apps with it. The software analyses them fast enough that the approach can also be used in practice," Derr said.

Read More:

5 Smart Tools to Predict Climate

9 Must Know Facts About Facebook-WhatsApp Deal

10 Most Common Malwares And Their Preventions

Never Loose Contacts Again With These Apps