Covert Android App Communications May Share Secret Data

A lot of information gets transferred back and forth after users launch mobile apps, but only some of it is related to the actual tasks they’re trying to execute. In fact, researchers have been unable to find any obvious reasons for nearly half of the communications that take place after users launch some of the most popular Android apps.

Researchers have found that “covert communication is quite common in top-popular Android applications in the Google Play store,” according to Julia Rubin, a post-doctoral researcher at the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Laboratory, who led the research. In addition, after disabling all covert communication channels in 47 top apps, the research team found there was no noticeable impact on how most of those apps performed.

So what kinds of communications are taking place when users run popular apps? While about half of those behind-the-scenes communications appear to be related to analytics packages providing usage and performance feedback to developers, the rest remain a mystery.

Communication Purposes a Mystery

“There might be a very good reason for this covert communication,” Rubin said. “We are not trying to say that it has to be eliminated. We’re just saying the user needs to be informed.”

Starting with the 500 most popular free Android apps, the research team analyzed the communication channels that were opened after each app was launched. Roughly 50 percent of those communications didn’t appear to have any connections to the user experience.

After disabling the ability of each app to initiate covert communications, the researchers ran usability tests to compare how the modified and unmodified apps performed. In 30 out of 47 apps, test subjects couldn’t identify any difference between how the apps performed. Just five apps stopped working completely, while nine continued operating but were missing advertising and three showed “minor” differences in performance.

Candy Crush Now a ‘Model Citizen’

Among the Android apps the research team looked at were Candy Crush Saga, Twitter, Pandora, Spotify and Walmart. For example, they found that a Walmart app designed to let users scan product bar codes to determine the price of an item for some reason also relayed data to a server that appeared to be connected to eBay. Disabling that communication channel on the app didn’t result in any noticeable impact on the app’s performance.

Another finding was that Candy Crush Saga, which has received scrutiny in the past for apparent privacy violations, didn’t appear to involve any covert communications. “They’ve become a model citizen,” Rubin said.

Behind-the-scenes app activities have been linked to a variety of impacts for users. Last month, for instance, Apple removed more than 250 apps from its app store after a watchdog company found that those apps were based on an SDK that secretly extracted and relayed personal data to a third party in China.

And Facebook recently released a new version of its iPhone app after discovering that phantom audio sessions and CPU spin were leading to fast-draining batteries. Earlier this year, European researchers also found “overly aggressive” communication with tracking Web sites among some popular Android apps in the Google Play Store.


Source by toptechnews…

