Whether you’re an Android or iOS smartphone user, chances are that you’ve downloaded a variety of apps into your phone. While you likely investigated these apps before you downloaded them, did you know that there are more to some apps than meets the eye?
Some apps may connect users to ad-related sites and tracking sites, or even suspicious sites connected to malware, without the user’s knowledge. While users can encounter this issue with apps for any mobile platform, there tends to be a higher risk with Android apps. The reason is that Google Play is more open than other app stores. The apps it offers span a far more extensive quality range.
Of course, advertising is important for monetizing apps, especially free ones, but there’s a big difference between a developer employing the right demand side platform and designing their app to access ad and tracking sites behind the user’s back.
Just how bad is this problem? Luigi Vigneri and a team from Erecom in France came up with an automated way to check apps in Google Play and monitor the sites to which these apps connect. Their results revealed that many applications make secret connections without users knowing.
They began their research by downloading more than 2,000 free apps from every category in the Google Play store. Each app was launched on a Samsung Galaxy SIII that ran Android 4.1.2 and was set up to send all traffic through the team’s server. The server recorded every URL each application attempted to contact.
In conclusion, the apps connected to a startling total of 250,000 different URLs across nearly 2,000 top level domains. While the majority of the apps attempted to link to only a handful of ad and tracking sites, a small portion connected to dubious sites linked to malware.
To help users track the apps they use and see if they are attempting to connect to external sites, the team has created an app called NoSuchApp to help give Android users confidence in the applications that they use.