Monday, May 4, 2015

Free Android applications are getting a little promiscuous. That, at least, is the conclusion of a group of security researchers who found that poorly vetted applications in Google Play connect to a massive number of advertising and tracking sites without users being any the wiser.


While Apple rigorously reviews everything that appears in its app store, Google Play is much more open, excluding only applications that are obviously malicious. Many of us love the Wild West application environment Google has cultivated, but a wider range of quality leaves room for applications that play fast and loose with their users. That is why security researchers from Eurecom's worldwide distributed honeypot system in France have carried out a massive sweep of free applications, monitoring the sites the applications connect to behind their users' backs. MIT Tech Review describes their recent study:

Vigneri and co began by downloading over 2,000 free apps from all 25 categories on the Google Play store. They then launched each app on a Samsung Galaxy SIII running Android version 4.1.2 that was set up to channel all traffic through the team’s server. This recorded all the urls that each app attempted to contact.
Next they compared the urls against a list of known ad-related sites from a database called EasyList and a database of user tracking sites called EasyPrivacy, both compiled for the open source AdBlock Plus project. Finally, they counted the number of matches on each list for every app.

In all, the 2,000 applications in question connected to a whopping 250,000 URLs across almost 2,000 top-level domains. Most of these applications were minor offenders, trying to connect to only a handful of advertising or tracking sites, but roughly ten percent of the applications studied connected to more than 500 different URLs. (As you would expect, 9 of the 10 most frequently contacted ad-related domains are run by Google.) Top offenders include "EQ Music Volume", which connects to more than 2,000 different URLs, and Eurosport Player, which connects the user to 810 different tracking sites.
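The matching step the study describes can be sketched as follows; this is an added example, not the researchers' code. The rule lists, app names and URLs are constructed samples, only plain `||domain^` rules are handled, and counting distinct URLs per app is an assumption about how matches were tallied.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rules in Adblock Plus filter syntax (not real list entries).
EASYLIST_SAMPLE = """! constructed ad rules
||ads.example.net^
||adserver.example.org^$third-party
@@||allowed.example.net^
"""
EASYPRIVACY_SAMPLE = """! constructed tracking rules
||tracker.example.com^
||metrics.example.org^
"""
# Constructed proxy capture: (app name, URL the app tried to contact).
CAPTURED = [
    ("app.music", "http://ads.example.net/banner?id=1"),
    ("app.music", "http://cdn.ads.example.net/banner?id=2"),  # subdomain of a listed domain
    ("app.music", "http://ads.example.net/banner?id=1"),      # repeat request
    ("app.music", "https://tracker.example.com/collect"),
    ("app.music", "https://api.example.io/songs"),
    ("app.sport", "https://metrics.example.org/p?uid=42"),
    ("app.sport", "https://ads.example.net.example.io/x"),    # lookalike host, must not match
]

def load_domains(rules_text):
    """Keep plain ||domain^ rules; skip comments, @@ exceptions and rules with options."""
    domains = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if line.startswith("||") and line.endswith("^"):
            body = line[2:-1].lower()
            if body and all(c.isalnum() or c in ".-" for c in body):
                domains.add(body)
    return domains

def host_matches(host, domains):
    """A ||domain^ rule covers the domain itself and every subdomain of it."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def count_matches(captured, ad_domains, tracker_domains):
    """Per app: distinct URLs contacted, and how many hit each list."""
    seen = defaultdict(set)
    for app, url in captured:
        seen[app].add(url)
    report = {}
    for app, urls in seen.items():
        hosts = [urlsplit(u).hostname or "" for u in urls]
        report[app] = {"urls": len(urls),
                       "ad": sum(host_matches(h, ad_domains) for h in hosts),
                       "tracking": sum(host_matches(h, tracker_domains) for h in hosts)}
    return report

if __name__ == "__main__":
    ads, trackers = load_domains(EASYLIST_SAMPLE), load_domains(EASYPRIVACY_SAMPLE)
    for app, row in sorted(count_matches(CAPTURED, ads, trackers).items()):
        print(app, row)
```

Matching on whole domain labels rather than substrings is what keeps the lookalike host in the sample from being counted as an ad domain.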

Fortunately, the researchers are also working on a solution: a new Android application called "NoSuchApp" that monitors outbound traffic from a user's phone, revealing exactly which external sites your applications are trying to contact. Keep an eye out for NoSuchApp in the Google Play store; this NSA, at least, promises that it is not going to spy on you.

[MIT Tech Review]
