A new report has found that thousands of free Android apps on the Google Play Store secretly connect to ad websites and track personal data.
Security researchers from the MIT Technology Review have published some disturbing findings following an examination of the Google Play Store, the primary app store for the Android OS.
It’s well know that while Apple vigorously curates its App Store, Google has a far more hands-off approach to app approvals. That could have resulted in thousands of malicious apps making there way onto the Google Play Store.
The research team downloaded some 2,000 free apps from all 25 categories on the Google Play Store. It then ran each app on a Samsung Galaxy S3 running Android 4.1.2, which was specially set up to channel any internet traffic through the team’s server.
In this way, any websites or urls the apps tried to access would appear. The team then compared these record urls to a list of known ad-related and user tracking websites.
Staggeringly, they found that the 2,000 apps connected to 250,000 urls. While most of these apps only connected to a few external urls, ten percent connected to 500 or more. The worst offender connected to 2,000.
The research team isn’t just highlighting the problem – it’s also developing an Android app to combat the issue. The NoSuchApp app will monitor outgoing traffic from a user’s phone, highlighting exactly where its apps have been.