Popular Android Apps Transmit Hidden, Superfluous Data Say MIT Researchers
It's no secret that a countless number of mobile apps indulge in a bit more of our data than we'd like, and many even handshake with external servers, causing us to wonder what on Earth they're doing. Well, as some researchers at MIT have found out, a huge number of the top 500 apps on Google's Play Store send data back and forth that has absolutely nothing to do with the functionality of the app. Cue the eerie music.
The researchers like to call this kind of communication "covert", as the fact that it's happening is completely invisible to the user. While it's easy to jump to conclusions about ill intent, project lead Julia Rubin isn't sold on it quite yet. She says, "There might be a very good reason for this covert communication. We are not trying to say that it has to be eliminated. We’re just saying the user needs to be informed."
Still, there are questions to be raised about why any app would send insignificant data to a remote host. In order to make sure that this data was needless, the researchers modified 47 of the top 100 Play Store apps to disable those superfluous communications. Interestingly, test subjects couldn't spot any difference whatsoever in 30 of the 47 apps - they appeared identical to the untouched thing.
Even more interesting is the fact that five of the applications stopped working entirely. The cause of one of these incidents is that copy protection was in effect severed, so the app simply stopped working. The researchers have been unable to come up with reasons for the other four apps failing to work.
In some cases, very unexpected behavior occurred. In the Walmart app, for example, the researchers noticed that whenever a bar code was scanned to retrieve a price, it for some reason queried an eBay server.
While Candy Crush Saga was once lambasted for privacy violations, the app has apparently turned over a new leaf. According to these tests, the app has no covert communication whatsoever. "They've become a model citizen," says Rubin.
Throughout all of this testing, it doesn't seem that anything truly concerning was revealed, even though some of it is downright odd (such as the Walmart app's behavior). Google might do well to force app developers to be transparent about this kind of communication, because if it doesn't affect the app's ability to function, it shouldn't be needed.