Do you know what the applications you have installed on your Android device do and do not do? Most people rely on the permissions they granted when installing the application, without knowing that some applications can be modified.
A simple example that needs no modification on the application side: you know an application connects to the Internet, but you don't know which websites it contacts, how often it connects, or why.
A recent research paper (PDF) shows that many free apps offered by Google Play connect to several URLs in the background.
The team analyzed 2,146 free apps from all 25 Google Play categories, selected by popularity. They found that these apps connected to "nearly 250,000 unique URLs across 1,985 top-level domains".
The methodology used for the analysis of these applications was as follows:
- All apps ran on a Samsung Galaxy SIII Mini smartphone with Android 4.1.2.
- The phone was configured to use a local VPN, through which the researchers recorded traffic with tcpdump to create a packet capture for each application.
- They used 10,000 automated user interactions while the application was running.
- Each packet capture was processed with Tshark to extract the URLs. The team then compared the results with EasyList and EasyPrivacy, two popular lists used by Adblock Plus and other ad-blocking and anti-tracking extensions and programs.
- Last but not least, all URLs were checked with VirusTotal.
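
The comparison step of the methodology above, sketched as an added example (not the researchers' code): it takes host/URI rows as Tshark would print them and classifies each unique URL against domain rules written in EasyList syntax. The sample rows, the filter lists and the tshark command in the comment are constructed assumptions, and only `||domain^` rules and `@@` exceptions are handled.

```python
# Constructed samples (rows and filter lists). Rows are "host<TAB>uri" as printed by
# tshark -r app.pcap -Y http.request -T fields -e http.host -e http.request.uri
SAMPLE_ROWS = (
    "api.game.test\t/v1/scores\n"
    "ads.adnet.test\t/banner?id=1\n"
    "ads.adnet.test\t/banner?id=1\n"
    "cdn.adnet.test\t/sdk.js\n"
    "metrics.trackco.test\t/collect\n"
    "notadnet.test\t/index.html\n"
)
SAMPLE_EASYLIST = "! ads\n||adnet.test^$third-party\nsite.test##.ad-box\n@@||cdn.adnet.test^\n"
SAMPLE_EASYPRIVACY = "! trackers\n||trackco.test^\n"


def parse_domain_rules(text):
    """Return (blocked, excepted) domains from `||domain^` rules; skip the rest."""
    blocked, excepted = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!") or "##" in line or "#@#" in line:
            continue  # comments and element-hiding rules
        target = blocked
        if line.startswith("@@"):  # exception rule
            target, line = excepted, line[2:]
        line = line.split("$", 1)[0]  # drop options such as $third-party
        if line.startswith("||") and line.endswith("^"):
            target.add(line[2:-1].lower())
    return blocked, excepted


def listed(host, rules):
    """True if host or a parent domain is blocked and no exception covers it."""
    blocked, excepted = rules
    labels = host.lower().rstrip(".").split(".")
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    return bool(suffixes & blocked) and not (suffixes & excepted)


def classify(rows, ad_text, tracker_text):
    """Map each unique URL to 'ad', 'tracker' or 'other'."""
    ad_rules, tracker_rules = parse_domain_rules(ad_text), parse_domain_rules(tracker_text)
    result = {"ad": set(), "tracker": set(), "other": set()}
    for row in rows.splitlines():
        host, sep, uri = row.partition("\t")
        if not sep or not host:
            continue  # row without an HTTP Host header
        kind = "ad" if listed(host, ad_rules) else "tracker" if listed(host, tracker_rules) else "other"
        result[kind].add(f"http://{host}{uri}")
    return result
```

Matching is done on whole domain labels, so `notadnet.test` is not mistaken for `adnet.test`, and repeated requests to the same URL are counted once.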
The conclusions were disastrous. About 10% of all the apps tested connected to over 500 different URLs, while top apps connected to more than 1000 separate URLs.
About 33% of apps were not associated with ad placements, while other apps connected to 40 ad URLs.
About a quarter of the applications communicated with tracking servers. Some of these connected to more than 800 different trackers.
As for the VirusTotal ratings, 94.4% of all URLs tested were rated 0, with the worst-case scenario showing positive results on three of the 52 different engines used by the service.
The developers have created a new app that shows what the apps running on Android devices do.
The app is not yet available on Google Play, but it will be available officially at some point. Currently it is available only from this address.
The app installs a local proxy and monitors the traffic of applications on the system.