There are a lot of applications available in the Google Play Store, and with the open policies that Google has, that may not always be a good thing.
According to a report published by Technology Review recently, a finding shows that many apps downloaded from the Google Play Store actually have a lot going on behind the scenes, most of which is unknown to the person downloading them onto their smartphones or tablets. In the report, Luigi Vigneri and Eurecom are outlined in their attempt to develop an application that essentially shows just where the other installed apps are connecting to.
The need for this spurred from the fact that many apps connect to ad-supported sites in the background, and others, even more deviously, connect to sites that might be related to malware. This is an issue in and of itself, so Vigneri and the collected crew set forth to test out how this works. The results are quite enlightening.
The group downloaded 2,000 applications from the Google Play Store, spanning all 25 categories therein and only the free apps available. They then launched the apps on a Samsung Galaxy S III that’s running Android 4.1.2, which was set up to divert all of the phone’s traffic through the group’s proprietary server. As such, each app that tried to access a URL was logged.
The results show almost 250,000 sites connected across 2,000 top-level domains. As an example:
”Vigneri and co give as an example “Music Volume Eq,” an app designed to control volume, a task that does not require a connection to any external urls. And yet the app makes many connections. “We find the app Music Volume EQ connects to almost 2,000 distinct URLs,” they say.”
According to the team, about 10 percent of the apps they downloaded and tested connected to upwards of 500 different URLs. Furthermore, 9 out of 10 of the most frequently contact ad-related domains are run by Google.
Many of the apps also connect to user-tracking sites, some of them as many as 800 different ones. And, still others connect to sites that are outwardly suspicious, and may have a link to malware.
The supposed fix? Another application. Vigneri and the team have created an app called “NoSuchApp,” or “NSA” for short. This app will monitor the behavior of other apps that are installed on the phone. What this app will cost remains to be seen, as it’s not available just yet. It’s scheduled to release sometime in the near future.
[via MIT Technology Review]