Most apps downloaded by smartphone users come from either the Apple App Store or Google's Play Store. Apple checks apps carefully before they are allowed to appear in the App Store. Google excludes only those apps that are obviously malicious. Google is more open and takes a lighter touch in checking apps.
For this reason, apps from the Play Store vary more widely in quality. With more than 1.2 million apps available in the Play Store, users face the big challenge of choosing the right app for their Android devices. Some of the apps come from unverified sources and provide no way for users to contact them.
"In our work, we first develop a lightweight characterization methodology that can automatically extract descriptions of application network behavior, and apply this to a large selection of applications from the Google App Store. We find several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity," says Luigi Vigneri, head of the research team, in the research paper.
Around 2,000 free apps from the Play Store allegedly connect to an unbelievable 250,000 sites scattered across more than 2,000 domains. While most of the apps connect to just a handful of these sites, ten percent of them connect to 500 or more. Google's ad services appear among the top 10 of these sites. One app was found to connect to more than 2,000 sites.
As for user tracking sites, the researchers found that only 30 percent of these free Play Store apps connect to them. However, some connect to 800 addresses or more.
One example given by Vigneri and his team is an app called "Music Volume EQ." The app is designed to control the device's volume, a task that does not require connecting to any external URL. In reality, the app makes several connections.
"We find the app Music Volume EQ connects to almost 2,000 distinct URLs," said the team.
Most users of these ad- and tracker-connected apps have little or no knowledge of this trend in the Play Store. To help these users, Vigneri created "NoSuchApp," or NSA, which is designed to monitor the behavior of other apps on the user's device and find out which external sites those apps try to connect to.
"With this application, our goal is to provide a mechanism for end users to be aware of the network activity of their installed Android applications," said Vigneri. He added that the app will be available soon in the Google Play Store.
Photo: Rob Bulmahn | Flickr