Android apps have always been under scanner for various purposes such as hiding Android
malware as well as
adware. Now, a new study has raised questions over how several free apps connect to large number of advertisement networks to serve ads to
Android phone users.
Security researchers from Eurecom developed an automated system for detecting Android apps that connect to ad sites and user tracking sites without the knowledge of the phone user. Luigi Vigneri from Eurecom started with putting almost 2,000 free Android apps from the 25 categories on Google Play to test with the new automated system.
Vigneri and his team launched every single app on a Samsung Galaxy SIII Mini running Android version 4.1.2. The device had been programmed to channel all traffic through the team's own server, thereby recording all the URLs that each app tried to access.
The study's results showed that in total almost 2,000 apps connected to 250,000 different URLs from around 2,000 top-level domains.
The study added that though the majority of apps were connecting to a handful of advertisement networks and user tracking sites, some were more "prolific." The study found that Music Volume Eq, an app that manages volume, connected to almost 2,000 distinct URLs. The results are certainly shocking, leaving users to question why a music control manager app connects to such a huge number of sites.
The team added that almost 10 percent apps checked connected to 500 different URLs. The study added however that 90 percent of most frequently contacted ad-related domains were Google-run.
The truth of the matter though is that the findings of the study don't really reveal a significant danger to an Android user, and only a small number of studied apps connect to suspicious websites. However, if concerned about privacy, the study did find a large number of apps connecting to user tracking networks, even made by developers that
Google has itself rated well, with top developer status.
The results showed (
via MIT Technology Review) that more than 70 percent of the apps studied do not access user tracking sites, but the few that do actually connect to a significant number of sites, with one culprit, Eurosport Player, connecting to 810 different user tracking sites.
To also be noted is that Eurecom team used a smartphone running an outdated version of Android, and it is possible if the team ran the tests on a device running a more updated version of Android the results would have been different, with Google having already made changes to the back-end.