Security researchers have identified that many Android apps secretly connect to ad sites and user tracking sites.
Researchers at EURECOM, a Graduate school and Research Centre in Communication Systems located in the Sophia Antipolis technology park (French Riviera), developed a program that checks apps in Google Play and monitors the sites they connect to. Their results reveal the extraordinary scale of secret connections that many apps make without their owners being any the wiser. The researchers downloaded over 2,000 free apps from the Google Play store. They then launched each app on a Samsung Galaxy SIII running Android version 4.1.2 that was set up to channel all traffic through the team’s server. The server recorded all the URLs that each app attempted to contact.
Next, they compared the URLs against a list of ad-related sites from a database called EasyList and a database of user tracking sites called EasyPrivacy, both compiled for the open source AdBlock Plus project. When they counted the number of matches on each list for every app, they discovered that the apps connect to 250,000 different URLs across almost 2,000 top-level domains.
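The matching step described above can be sketched as follows. This is an added example, not the researchers' program: the filter excerpts, package names and captured URLs are constructed, and only `||domain^` blocking rules are honoured (exception rules and path-based rules are skipped).

```python
from urllib.parse import urlsplit

# Constructed filter excerpts in Adblock Plus syntax (not the real lists).
EASYLIST = """\
! constructed EasyList-style sample
||ads.example.net^
||adserver.example^$third-party
@@||ads.example.net/allowed^
example.org##.banner
"""
EASYPRIVACY = "||track.example.com^\n||metrics.example^\n"

def load_domains(text):
    """Collect domains from ||domain^ blocking rules; skip all other rule types."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("!", "[", "@@")) or "##" in line or "#@#" in line:
            continue  # comments, header, exception rules, element hiding
        if line.startswith("||"):
            rule = line[2:].split("$", 1)[0]  # drop options such as $third-party
            if rule.endswith("^") and "/" not in rule and "*" not in rule:
                domains.add(rule[:-1].lower())
    return domains

def matches(url, domains):
    """True if the URL's host is a listed domain or a subdomain of one."""
    labels = (urlsplit(url).hostname or "").lower().split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def count_hits(app_urls, ad_domains, tracker_domains):
    """Per app: distinct URLs contacted and how many hit each list."""
    report = {}
    for app, urls in app_urls.items():
        unique = set(urls)  # the study counts different URLs, so deduplicate
        report[app] = {"urls": len(unique),
                       "ad": sum(matches(u, ad_domains) for u in unique),
                       "tracking": sum(matches(u, tracker_domains) for u in unique)}
    return report

# Constructed proxy capture: app package name -> URLs it tried to contact.
CAPTURE = {
    "com.example.game": ["http://ads.example.net/banner?id=1",
                         "http://ads.example.net/banner?id=1",
                         "http://cdn.ads.example.net/img.png",
                         "https://track.example.com/e?u=42",
                         "http://api.example.org/scores"],
    "com.example.notes": ["https://sync.example.org/v1/notes"],
}
print(count_hits(CAPTURE, load_domains(EASYLIST), load_domains(EASYPRIVACY)))
```

Matching on whole host labels keeps a rule for `adserver.example` from firing on an unrelated host such as `notadserver.example`.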
The team said that most apps attempted to connect to just a handful of ad and tracking sites. About 10 percent of the apps they tested connect to more than 500 different URLs. And nine out of 10 of the most frequently contacted ad-related domains were run by Google.
On the other hand, more than 70 percent of apps do not connect to any user tracking sites. But those that do can be extravagant, some connecting to more than 800 user tracking sites. What’s more, many of these are created by organizations that Google has designated with "top developer status."
The team plans to make the app publicly available on Google Play in the future.