Security researchers developed a method to automatically track Android shady apps

Smartphone SpyAnyone who has owned any kind of Android run device, from their phones to their Chromebooks, is well aware that their apps can be a crapshoot. But now a new method for auto tracking apps that connect to data mining or ad sites could offer a potential solution.

The problem comes down to the way Google allows apps to appear in the Google Play store. Being a company that is based on open products, they have run their apps in the same way. Horrible programs can be sold, and it is allowed, as long as there is no deliberately malicious intent such as phishing or financial scamming.

Unfortunately, there is no regulation for mining data, connecting to ad sites, or selling information to third parties. This is at the discretion of the user to each app. Given how subtle warnings can be contained in terms and services, it is no wonder so many get away with this.

Eurecom wants to provide a way to protect users from this. They have come up with an automated program for tracking all connections made from apps in the Android store. That means hunting down websites that each are attached to, and finding out when user information is being used in an inappropriate way.

Downloading thousands of apps, they ran them through a Samsung phone with the latest version of Android. As the websites ran through their personal server, it recorded each website.

Once they had a list of more than 2,000 sites, they compared it to two user privacy advocacy databases, EasyList and EasyPrivacy. This brought up a shocking number of hits to data tracking and ad websites known on the web.

A single app can connect to thousands of unique domains. Some of the apps which do so don’t even have the need for a connection, but pass along information for profit as they run in the background, without the user being any wiser.

What are these domains? Various ad sites, mostly. But many of them run through Google, and that is where the real issue lies. It also may be the reason Google is not more stringent in their app monitoring, or maintain the standards that stores like iTunes do. They could very well be making a profit themselves out of these shady apps.

Source: Cornell, MIT

Leave a Comment

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.