Using a lot of free Android apps on your phone? You have probably visited over 200,000 websites, including tracking and malware websites, without even knowing it.
Most apps are downloaded by users from Apple's App Store or Google Play. While Apple checks all apps before listing them on its App Store as a security measure, Google takes a much lighter approach and only removes obviously malicious software from its store.
Researchers from Eurecom have recently exposed shocking data, reported in MIT Technology Review, showing that a lot of free Android apps not only track your every move but also send your personal information to thousands of untrusted websites. The researchers installed over 2,000 free Android apps from the store’s top 25 categories and monitored the web traffic they generated. The result was startling: together, the apps connected to a total of 250,000 different URLs spread across over 2,000 domains.
“In our work, we first develop a lightweight characterization methodology that can automatically extract descriptions of application network behavior, and apply this to a large selection of applications from the Google App Store. We find several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity,” says Luigi Vigneri, head of the research team, in the research paper.
Since more than 1.2 million apps can be accessed on the Google Play Store, choosing the right app is extremely difficult for users, as a lot of free Android apps have no verified sources.
“The lack of oversight in Android Play store makes it all too easy for end users to install applications of dubious origin, or those which silently carry out activity that might not be seen favourably by the user,” Vigneri continued.
One app in particular was found alarming. “Music Volume EQ”, developed to control the volume of a handheld device, naturally has no need to connect to an external URL. However, as it turned out, this app connects to 2,000 different URLs on its own. An app that provides volume equalisation features shouldn’t require any internet access, but it does in fact connect to over 1,000 ad and malware websites, and it has over 10 million downloads on the Play Store.
How to securely install free Android apps?
Because most users don’t know how to choose the most secure and trusted free Android apps, Vigneri created an app called “NoSuchApp”, or NSA, which monitors how other apps operate on the user’s device and reveals which external websites those apps attempt to connect to.
“With this application, our goal is to provide a mechanism for end users to be aware of the network activity of their installed Android applications,” said Vigneri.