Security researchers have developed an Android app which tells users when other apps on their mobile devices are tracking their behaviour or connecting to ad networks, after finding that there was no mechanism in place for users “to understand who applications are talking to, and to what extent”.
In a study titled ‘Taming the Android AppStore: Lightweight Characterisation of Android Applications’, four researchers from France’s Eurecom and Technicolor Research wrote that when they tested 2,146 applications with internet-access permissions in the Play Store, they found “several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity.”
The survey found 1,710 applications generating network traffic, requesting some 250,000 URLs on 1,985 top-level domains. Of these, 67 per cent connected to a known ad domain, with each requesting 40 different URLs on average.
Another 26.8 per cent of the tested apps connected with tracking URLs, 5.6 per cent of which were marked as “suspicious” on the VirusTotal scan, while Webutation categorised 2.9 per cent as “malicious”.
This made the researchers realise the need for a tool, NoSuchApp, to give users “more visibility into the communication of apps installed on their mobile devices”. It “monitors outgoing traffic, associates it with particular applications, and then identifies destinations in particular categories that are suspicious or important to reveal to the end-user”.
The app sets itself up as a local proxy and uses the researchers’ matching process to check the URLs requested.
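To make the matching step concrete, here is an added Python example (not the researchers' code, which is not on the page) that takes constructed proxy-log lines of (app, URL) pairs, matches each destination host against constructed ad, tracker and suspicious domain lists, and aggregates per-app findings and survey-style percentages like those reported above. All package names, hostnames and list contents are placeholders, not real data.

```python
"""Toy model of a local-proxy destination classifier for Android apps.

Added example; the lists below are constructed placeholders, not the
researchers' real ad/tracker/malware lists.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed category lists (placeholder domains under the reserved .test TLD).
AD_DOMAINS = {"ads.example-adnet.test", "banner.example-ads.test"}
TRACKER_DOMAINS = {"track.example-analytics.test"}
SUSPICIOUS_DOMAINS = {"dl.example-malware.test"}

# Constructed proxy log: (app package name, requested URL), as a local proxy
# that attributes outgoing connections to apps would record them.
PROXY_LOG = [
    ("com.example.weather", "http://api.example-weather.test/v1/now?city=nice"),
    ("com.example.weather", "http://ads.example-adnet.test/serve?slot=1"),
    ("com.example.weather", "http://cdn.ads.example-adnet.test/serve?slot=2"),
    ("com.example.flashlight", "http://track.example-analytics.test/pixel?id=42"),
    ("com.example.flashlight", "http://dl.example-malware.test/payload.bin"),
    ("com.example.notes", "https://sync.example-notes.test/push"),
]


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def matches_list(host, domains):
    """True if host is one of the listed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Map a requested URL to the set of categories its destination falls in."""
    host = host_of(url)
    categories = set()
    if matches_list(host, AD_DOMAINS):
        categories.add("ad")
    if matches_list(host, TRACKER_DOMAINS):
        categories.add("tracker")
    if matches_list(host, SUSPICIOUS_DOMAINS):
        categories.add("suspicious")
    return categories


def per_app_report(log):
    """Aggregate URL count, distinct hosts and categories for each app."""
    report = defaultdict(lambda: {"urls": 0, "hosts": set(), "categories": set()})
    for app, url in log:
        entry = report[app]
        entry["urls"] += 1
        entry["hosts"].add(host_of(url))
        entry["categories"] |= classify(url)
    return dict(report)


def survey_summary(report):
    """Share of apps (in per cent) that contacted at least one domain per category."""
    total = len(report)

    def share(category):
        hits = sum(1 for e in report.values() if category in e["categories"])
        return round(100.0 * hits / total, 1) if total else 0.0

    return {
        "apps": total,
        "ad_pct": share("ad"),
        "tracker_pct": share("tracker"),
        "suspicious_pct": share("suspicious"),
    }


if __name__ == "__main__":
    rep = per_app_report(PROXY_LOG)
    for app, entry in sorted(rep.items()):
        print(app, entry["urls"], sorted(entry["categories"]))
    print(survey_summary(rep))
```

Subdomain matching (`cdn.ads.example-adnet.test` counts as the listed ad domain) is the kind of detail a real matcher needs; a plain equality check would let an ad network evade a list simply by rotating subdomains. The survey percentages are computed over apps, not URLs, mirroring the "per cent of apps" figures quoted from the study.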
In the future it may be used to crowdsource an “app reputation system”, where users can look at the traffic being generated by apps they use and tag it as ‘normal’, ‘unexpected’ or ‘suspicious’.
While the researchers note that a “lack of oversight in Android Play Store makes it all too easy for users to install applications of dubious origin”, they believe Apple’s strict regulations means suspicious apps do not usually make it to its App Store.
NoSuchApp was available via a Dropbox-hosted download but was reportedly taken off due to excessive traffic. It is set to come to the Google Play store in the near future.