Study: Free Android apps track personal info without consent

Study: Free Android apps track personal info without consent

The study found that the 2,000 apps studied connected to 250,000 urls.

It is already well known that the Apple and Google Play stores are two entirely different animals. Apple maintains a rigorous process for vetting each app that goes into its store, while Google only excludes those that are obviously malicious. And while Google’s greater openness has long been a celebrated feature, a new report from a team of security researchers suggests that maybe things have become a bit too free-wheeling in the Google Play store.

Security researchers at Eurecom in France have conducted a massive study of free apps in the Google Play store. They monitored the sites these apps connect to, almost always without a user’s knowledge or consent. The results of the sweep, published in the MIT Technology Review, were disturbing to say the least.

The researchers started off by downloading over 2,000 free apps from all 25 categories on the Google Play store. They then launched each app on a Samsung Galaxy SIII that had been set up to channel all traffic through the team’s server, which allowed them to record all the urls that each app attempted to contact.

The results were not pretty. The 2,000 monitored apps connected to a jaw-dropping 250,000 urls. While many of the apps only tried to connect to a handful of ad or tracking sites, approximately ten percent of the tracked apps connected to over 500 different urls. SlashGear reports that one particularly egregious offender – “Music Volume EQ” – connected to 2,000 unique urls.

Fortunately, the Eurecom researchers are working on a solution – a soon to be released Android app. The program, called “NoSuchApp.” will monitor your outgoing traffic, letting you know which urls your apps are attempting to contact. It will be available soon in the Google Play Store.

Be social, please share!

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail