Home / News / Mobile App News / Free Android apps found to be tracking personal data

Free Android apps found to be tracking personal data


Google Play

A new report has found that thousands of free Android apps on the Google Play Store secretly connect to ad websites and track personal data.

Security researchers from the MIT Technology Review have published some disturbing findings following an examination of the Google Play Store, the primary app store for the Android OS.

It's well know that while Apple vigorously curates its App Store, Google has a far more hands-off approach to app approvals. That could have resulted in thousands of malicious apps making there way onto the Google Play Store.

The research team downloaded some 2,000 free apps from all 25 categories on the Google Play Store. It then ran each app on a Samsung Galaxy S3 running Android 4.1.2, which was specially set up to channel any internet traffic through the team's server.

In this way, any websites or urls the apps tried to access would appear. The team then compared these record urls to a list of known ad-related and user tracking websites.

Related: Google appears to be succeeding in halting Android malware march

Staggeringly, they found that the 2,000 apps connected to 250,000 urls. While most of these apps only connected to a few external urls, ten percent connected to 500 or more. The worst offender connected to 2,000.

The research team isn't just highlighting the problem - it's also developing an Android app to combat the issue. The NoSuchApp app will monitor outgoing traffic from a user's phone, highlighting exactly where its apps have been.


May 4, 2015, 12:21 pm

From this it's not clear just how this is different from what almost every website already does.

Yesterday I was wondering why the new (Lollipop-supporting) version of Moga Pivot now needs access to my location though. I didn't upgrade.


May 4, 2015, 8:31 pm

Always been curious who buys lunch for the guys behind ES File Explorer. Its a fantastic app, very professional, with no visible means of support. And it knows about everything on my device and on my network.

comments powered by Disqus