Security researchers have developed an automated system for detecting Android apps that secretly connect to ad sites and user tracking sites. There are essentially two starkly different environments in which to download apps. The first is Apple’s app store, which carefully vets apps before allowing only those deemed fit to appear. The second is the Google Play store, which is more open because Google exercises a lighter touch in vetting apps, only excluding those that are obviously malicious.
But because Google Play is more open, the apps it offers span a much wider quality range. Many connect to ad-related sites and tracking sites while some connect to much more dubious sites that are associated with malware.
“There are over 1.2 million applications on the Google Play store today with a large number of competing applications for any given use or function. This creates challenges for users in selecting the right application,” said the report. Most Android users don’t know that some apps connect to tracking sites and ad-related sites. As a result, malware can seep inside or your personal details leaked without your knowledge or a warning. There should be no problem in avoiding this but most Android phone device owners really have no idea that something suspicious is happening.
What if there’s a way to detect these annoying Android apps? Certainly, the mobile industry, or at least the Android market, will be a bit safer and more secure. Some French guys from Eurocome recently worked on a solution that would automate checking of malicious apps in Google Play. Sites the apps connect to are also checked. The result is that many apps connect outside without the knowledge of the owners.
Again, Google provided the most dominant tracking service applied on the Play Store, Google Analytics, but “in contrast to the results about ad-related destinations”, the researchers found “the mobile tracking ecosystem to be significantly more fragmented, with many more players”.
For many years, the Google Play Store only moderated apps after they had already gone live, in contrast to Apple, which has always acted as a rigid gatekeeper to its own mobile app store. But in March, the company shook up its store, introducing human moderators to check apps before they go live.