It turns out there is a price to Android apps you download for free: your privacy. According to data collected by French research center Eurecom, some free Android apps secretly connect to thousands of advertising and information-tracking websites without your knowledge.
The Eurecom team downloaded over 2,000 apps from the Google Play Store to test what sites the applications would attempt to contact. In a research paper titled “Taming the Android AppStore: Lightweight Characterization of Android Applications,” Luigi Vigneri and his fellow researchers found “several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity.”
While some of the activity is explainable—it’s not uncommon for free apps to be ad-supported—others were egregious. An app called Music Volume EQ connected to nearly 2,000 distinct websites, many of which hosted harmful content. Music Volume EQ has between 10-50 million downloads according to the Google Play Store. Though the app is designed as a volume adjuster that should require no internet connectivity, it inexplicably requires full network access in the app permissions.
Ten percent of all apps tested by Eurecom researchers connected to 500 or more URLs containing advertisements, and nearly 30 percent made contact with user tracking sites. Popular apps like Eurosport Player and widely used RunKeeper connected to over 800 tracking sites. Both apps are granted “Top Developer” status by Google, a label that is supposed to ensure quality.
Luckily, Vigneri and the Eurecom researchers aren’t just telling the world about this problem—they’re doing something to combat it. They’ve developed their own app: NoSuchApp (called “NSA” for short, with tongue planted firmly in cheek).
Available for free via Dropbox, NoSuchApp monitors the behavior of other applications and spots any time an installed app may try to reach out to a less-than-friendly destination. NoSuchApp is planned to be released through the Google Play Store in the near future. Other network monitoring apps including Network Connections can also suffice until NoSuchApp is more widely available.
H/T Technology Review | Illustration by Jason Reed