Are Your Apps Tracking You?

Free isn’t really free. I think that most people probably know this, but for some reason when it comes to apps, we all seem to forget that. So, what exactly do developers mean by labeling apps ‘free’ in an app store? Well, a study was conducted in France looking at nearly 5,000 of the top free apps on the Google Play store to see how many of them communicate with various tracking, advertising and otherwise suspicious sites. And, I must say, I was more than a little surprised to read the findings. I don’t know how long the study took, but basically what the researchers did was select the 100 most popular applications and the 100 newest application in each category on Google Play (a total of around 5,000 apps). They then downloaded these apps, one at a time, to a Samsung Galaxy SIII Mini GT-I8190 running Android Kitkat 4.1. The phone was connected to a proxy server to monitor what URLs the various apps requested and communicated with. The researchers were looking for three different types of communications: Ad traffic, tracking sites and suspicious sites (which were likely to contain malware). All HTTPS traffic was excluded You can read the full report here, but I’ll summarize some of the findings below. URL Connections

• Some applications connected to almost 2,000 different URLs
• A large number of applications generated no traffic at all
• 10% of the apps tested connected to more than 500 distinct URLs
• The average number of URLs for each application was 40

Domains

• the median number of domains connected to is 4
• Some apps connected to more than 100 domains
• About half of the apps connected to less than 4
• Roughly 10% of apps connected to 20 or more domains

Ads and trackers

• 33% of apps do not communicate with any ad destinations
• more than 66% of the applications connected to an ad URL
• The three most prominent ad-related domains all belong to Google
• the top 16% of the apps connected to 100 or more trackers
• The ‘high tracker’ apps tend to more popular and highly rated

Apps to Avoid

Pretty scary, right? So, if you’re interested in protecting your privacy, I’d recommend avoiding these apps. As a note, some of these apps are not going to be available on the English version of Google Play, but a few of them are available.

Italics indicates the app is also in the Top 10 URL list as well

Italics indicates app is from a Top Developer, as rated by Google

NSA App (no, not that NSA)

The researchers behind this study have announced that they will soon be releasing their own app to allow consumers to be more aware of what their apps are doing in the background. Called NoSuchApp (NSA) the app will basically monitor and report on ad, tracker and suspicious activity engaged by all apps. The app will be available for Android users and does not have a release date yet.

Should you be worried?

While all of these numbers and figures look pretty terrifying, at the end of the day it’s worth noting that a good portion of these apps are probably doing legitimate business in the background. I mean, those banner ads have to be downloaded from somewhere, right? That means connecting to a network somewhere to get the ad to load it on your screen. The tracking and ‘suspicious’ sites, however, is perhaps a bit more cause for concern. As always, it’s best to be cautious and make sure you know what you’re getting into when you download a free app. Free is not really free, after all, and your device has a lot of personal information on it that you might not be comfortable sharing with third parties. Especially when it’s done in the background. So what do you think? Are you concerned about apps connecting and tracking you? Share your thoughts with me in the comments!]]>