Free Android apps are a bit shady. That, at least, is the conclusion of a group of security researchers, who found that poorly vetted apps on Google Play are connecting to a massive number of ad and tracking sites — without users being any the wiser.
While Apple rigorously vets everything that appears in its app store, Google Play is much more open, only omitting apps that are obviously malicious. Many of us enjoy the wild west app environment Google has cultivated, but a wider quality range can leave room for apps that play fast and loose with their users. That’s why security researchers at Eurecom in France have conducted a massive sweep of free apps, monitoring the sites they connect to unbeknownst to their users. MIT Tech Review describes their latest study:
Vigneri and co began by downloading over 2,000 free apps from all 25 categories on the Google Play store. They then launched each app on a Samsung Galaxy SIII running Android version 4.1.2 that was set up to channel all traffic through the team’s server. This recorded all the URLs that each app attempted to contact.

Next they compared the URLs against a list of known ad-related sites from a database called EasyList and a database of user tracking sites called EasyPrivacy, both compiled for the open source AdBlock Plus project. Finally, they counted the number of matches on each list for every app.
All in all, the 2,000 apps in question connected to a whopping 250,000 URLs across almost 2,000 top-level domains. Most of these apps were modest offenders, only trying to connect to a handful of ad or tracking sites, but roughly ten percent of the apps studied connected to over 500 different URLs. (Unsurprisingly, 9 out of the 10 most frequently contacted ad-related domains are run by Google.) Top offenders include “Music Volume EQ,” which connects to over 2,000 distinct URLs, and Eurosport Player, which hooks up with 810 different user-tracking sites.
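The list-matching step of the study described above can be sketched as follows. This is an added example, not code from the Eurecom researchers or from this article. It assumes a simplification: only pure `||host^` domain rules are honored, whereas the real EasyList and EasyPrivacy also carry path, option and exception rules. The app names, hosts and rule text are constructed samples, and tallying distinct URLs per app is an assumption about how matches were counted.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def parse_domain_rules(filter_text):
    """Collect hosts from '||host^' or '||host^$options' rules; ignore the rest."""
    domains = set()
    for line in filter_text.splitlines():
        rule = line.strip()
        # Skip comments, list headers, exception rules and element-hiding rules.
        if not rule or rule.startswith(("!", "[", "@@")) or "##" in rule:
            continue
        if rule.startswith("||"):
            host, sep, rest = rule[2:].partition("^")
            if sep and rest[:1] in ("", "$") and "/" not in host and "*" not in host:
                domains.add(host.lower())
    return domains

def is_listed(host, domains):
    """True if the host or any parent domain is listed (whole labels only)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def count_matches(captured, ad_domains, tracker_domains):
    """captured: (app, url) pairs. Count distinct URLs per app that hit each list."""
    urls_by_app = defaultdict(set)
    for app, url in captured:
        urls_by_app[app].add(url)
    report = {}
    for app, urls in urls_by_app.items():
        hosts = [urlsplit(u).hostname or "" for u in urls]
        report[app] = {"urls": len(urls),
                       "ad": sum(is_listed(h, ad_domains) for h in hosts),
                       "tracking": sum(is_listed(h, tracker_domains) for h in hosts)}
    return report

# Constructed samples: not the real filter lists, not the study's capture.
EASYLIST_SAMPLE = "[Adblock Plus 2.0]\n! ads\n||ads.example^\n||banner.example^$third-party\n@@||ads.example^$document\n##.ad-box\n"
EASYPRIVACY_SAMPLE = "! tracking\n||metrics.example^\n||cdn.example/pixel.gif\n"
CAPTURE = [
    ("com.example.equalizer", "http://ads.example/show?id=1"),
    ("com.example.equalizer", "http://img.ads.example/b.png"),
    ("com.example.equalizer", "http://metrics.example/collect"),
    ("com.example.equalizer", "http://ads.example/show?id=1"),  # repeat request
    ("com.example.notes", "https://notads.example/x"),  # not a subdomain of ads.example
]

if __name__ == "__main__":
    lists = [parse_domain_rules(s) for s in (EASYLIST_SAMPLE, EASYPRIVACY_SAMPLE)]
    for app, row in count_matches(CAPTURE, *lists).items():
        print(app, row)
```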
Thankfully, the researchers are also working on a solution: a new Android app called “NoSuchApp” that monitors outgoing traffic from a user’s phone, revealing just which external sites your apps are trying to contact. Keep an eye out for NoSuchApp in the Google Play store — this NSA, at least, promises it won’t spy on you. [MIT Tech Review]

Read the full report on arXiv.
