Tapped: Researchers found a quarter of Android apps have malicious connected trackers. Photo: Glenn Hunt
One in four apps on an Android mobile phone is loaded with an excessive number of unrelated “trackers” that are funnelling valuable personal information to third parties.
Popular games apps My Talking Tom and Swamp Attack in the Google Play store are among the worst apps, each loaded with more than 20 “connected trackers”, a study by Australian IT research agency NICTA shows. In contrast, the top 100 paid apps had on average 1.3 trackers each.
“There is some element of the app trying to deceive the user, doing something more than its declared function,” said author Aruna Seneviratne, NICTA’s research leader in mobiles.
“The trackers are leaking a huge range of data like contacts and your browser history to third parties so they can build a picture of you.”
The Google Play market holds more than a million apps and has seen more than 50 billion downloads to date. Cyber safety experts have long criticised Google for its lax security regime in comparison to Apple’s app store.
Professor Seneviratne said the large number of free flashlight apps showed many developers were creating ones loaded with trackers that can collect location data, photos and call logs.
A separate 2014 study found the top 10 flashlight apps in Google Play were all spying on users. They should also average 72k in size, but some were found to be 50 times larger.
“I can write a flashlight app and give it away free and get information. In the malicious case, you can use it to do other things, finding out your exact location,” he said.
The study found the top 100 paid apps had on average 1.3 trackers each, whereas the top 100 free ones carried 3.7.
“There’s this belief paid apps are safe. But whether free or paid, the same type of information is being extracted by external parties, ad agencies, analytics agencies.”
Nigel Phair from the Centre for Internet Safety at the University of Canberra said smartphone users need to know free, especially in the app market, was never free.
“The reason an app is free is because they monetise who you are and what you do, whether it’s in-app advertising or seeking your address book,” he said.
“Identifying data that is geo-located is roughly four times more valuable to advertisers,” he said.
Mr Phair also said Google Play was “completely unvetted” whereas the Apple App Store was a “walled garden”.
Professor Seneviratne, whose study was accepted for presentation at this year’s International World Wide Web Conference in Florence, Italy, also criticised Google’s reactive stance in dealing with problem apps.
A Google spokesperson said its 2014 research showed fewer than 1 per cent of Android devices had a “potentially harmful app” installed.
He said more than a billion devices were “protected” with Google Play, which conducts 200 million security scans of devices each day.
“We are committed to providing a secure experience. Verify Apps, for instance, is a Google Play service that scans applications downloaded from third-party sites and flags any that look like they might be malicious,” he said.
“This technology is built directly into Google Play, and if an app is flagged we automatically remove it so you don’t have to worry about downloading bad apps from Google Play.”
An Apple spokesperson declined to comment.