Top Android Apps Covertly Sending Data To Private Servers For Undisclosed Reasons: Study

Researchers at MIT and Global InfoTek conducted an extensive study of the behavior of Android apps and found that most of them carry out communications that have no significant effect on the end users' experience.

Of the top 20 Android apps on the Google Play Store minus chat programs, the researchers discovered that 62.7 percent of the communications they execute could be considered "covert," and when those covert communication channels of the top 47 apps were disabled, the group determined there was no major impact on the apps' performance.

Usually, about half of these anonymous communications are linked to analytics and advertising (A&A) libraries, which send usage and performance feedback to developers. However, they only make up about 43 percent of the entire process, and the purpose of the remaining half is unknown.

"The interesting part is that the other 50 percent cannot be attributed to analytics. There might be a very good reason for this covert communication. We are not trying to say that it has to be eliminated. We're just saying the user needs to be informed," Julia Rubin, a postdoc at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at MIT who led the research, says.

The team gave some examples of the popular apps and their communications behaviors.

"[T]witter uses covert connections to collect information about videos and other rich media attachments followed by the users in tweets. The GO Keyboard application sends, via a covert connection, a set of ids to the launchermsg.3g.cn server; it also sends some encrypted data, which we could not decode, to nextbrowser.goforandroid.com," part of the study reads. "Both Pandora and Spotify music players use Facebook's social graph services [12], sending out information about the application usage."

For the 500 most popular apps on the Google Play Store, the researchers analyzed the communication channels opened when each app was launched, finding that 50 percent of those communications appear to have no relation to users' experience at all.

To reinforce their findings, the group had test subjects try to spot any difference between two versions of each app: one with its covert communication channels disabled, the other left as the developers made it. The subjects couldn't detect anything wrong in 30 out of 47 instances; five apps stopped working, nine lost ads and three had "minor" differences.

On an interesting note, Facebook has had some issues on iOS over silent audio occurrences and CPU spin mishaps, which led to fast-draining batteries. On the other hand, Candy Crush Saga, which received criticism a few years ago over apparent privacy violations, didn't seem to launch covert communications.

"They've become a model citizen," Rubin says.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.