Thursday, May 21

Android Apps that Steal User Data Without Their Consent

Whether you admit it or not, Android is not exactly the most secure platform in the world. It's as easily hackable as it is customizable. Google has been working hard to make it more secure than ever, but genius hackers always outsmart some Android developers. While other mobile platforms are also not safe from attacks, Android is more prone to being compromised simply because there are more Android devices ready to be exploited anywhere on this planet.
 


Unfortunately for Android users, there are numerous apps that contain malicious code that is not noticeable at first.
Most Android users don't know that some apps connect to tracking sites and ad-related sites. As a result, malware can seep in or your personal details can be leaked without your knowledge or any warning. Avoiding this should be no problem, but most Android phone owners really have no idea that something suspicious is happening.

What if there's a way to detect these annoying Android apps? Certainly, the mobile industry, or at least the Android market, will be a bit safer and more secure. Some French guys from Eurecom recently worked on a solution that automates checking for malicious apps in Google Play. The sites the apps connect to are also checked. The result is that many apps connect to outside sites without the knowledge of their owners.
Honestly, this information is nothing new, but we now have numbers on how many apps do things other than what is asked of them.

Luigi Vigneri and his colleagues downloaded more than 2,000 free apps from the Google Play Store, across all 25 categories. Using an old Samsung Galaxy S3 running Android 4.1.2, the group found that several apps secretly contact outside websites. A process records all URLs being contacted.
After getting the list of URLs, they compared it against the ad-related and user tracking sites already in the EasyList and EasyPrivacy databases. More than 250,000 URLs across 2,000 top level domains were listed. Some Android apps were found to connect to thousands of distinct URLs. One perfect example is the Music Volume Eq app, which connected to almost 2,000 URLs. Ten percent of the apps analyzed connected to 500 URLs, some up to 800 user tracking sites, and most of these ad-related domains are run by Google.
Fewer user tracking sites are being contacted, and about 70 percent of apps do not really connect to any user tracking site. The Eurosport Player app was found to be the worst offender, connecting to 810 sites.
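The comparison step described above, as an added example (not the researchers' code): it matches the host of each captured URL against EasyList-style `||domain^` rules and counts distinct ad, tracker and other URLs per app. The rules, app names and URLs are constructed, and only the domain-anchor rule form is handled.

```python
from urllib.parse import urlsplit

# Constructed rules in the "||domain^" form used by EasyList-style filter lists.
# Only this domain-anchor form is handled; real lists contain many other rule types.
AD_RULES = ["! constructed sample, not real EasyList content",
            "||ads.example^", "||adserver.test^"]
TRACKER_RULES = ["||metrics.example^", "||track.cdn.test^"]

def parse_domain_rules(lines):
    """Domains named by '||domain^' rules; comments (!) and exceptions (@@) never match."""
    rules = (line.strip() for line in lines)
    return {r[2:-1].lower() for r in rules
            if r.startswith("||") and r.endswith("^")}

def host_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def classify(url, ad_domains, tracker_domains):
    # Assumption: a host that appears on both lists is reported as a tracker.
    host = urlsplit(url).hostname or ""
    if host_matches(host, tracker_domains):
        return "tracker"
    return "ad" if host_matches(host, ad_domains) else "other"

def summarize(captured):
    """captured: {app: [url, ...]} -> {app: {category: number of distinct URLs}}"""
    ads, trackers = parse_domain_rules(AD_RULES), parse_domain_rules(TRACKER_RULES)
    report = {}
    for app, urls in captured.items():
        counts = {"ad": 0, "tracker": 0, "other": 0}
        for url in set(urls):  # repeated requests to the same URL count once
            counts[classify(url, ads, trackers)] += 1
        report[app] = counts
    return report

# Constructed capture log: URLs each (hypothetical) app contacted during a test run.
CAPTURED = {
    "com.example.equalizer": [
        "http://ads.example/banner?id=1", "http://ads.example/banner?id=1",
        "http://img.ads.example/b.png", "https://eu.metrics.example/collect",
        "http://notads.example/x", "https://api.equalizer.example/presets"],
    "com.example.notes": ["https://sync.notes.example/v1/items"],
}

if __name__ == "__main__":
    print(summarize(CAPTURED))
```

Matching on whole domain labels rather than substrings is what keeps `notads.example` from being counted as a hit for `ads.example`.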
To further monitor the behavior of such apps, Vigneri and company thought of developing a new app called NoSuchApp. You can call it NSA, an acronym it shares with the group that fights for America's safety and security, the National Security Agency. Call this app NSA, download it, and be confident that your Android phone is safe from malicious activities.

Vigneri and his team are still working on the app, but it should be ready on the Google Play Store anytime soon.
