MIT research finds Android apps doing covert data transfers
Researchers at MIT have discovered that much of the data sent and received by the 500 most popular applications for Google Android cell phones does not have any significant effect on the users' experience.
The findings were reported at the IEEE/ACM International Conference on Automated Software Engineering last week.
Called covert communications, these data transfers send out information about usage patterns and program performance to help developers improve the apps.
Julia Rubin, a researcher at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), told MIT News that the app developers might have a very good reason for the covert communications. However, the users need to be informed about this hidden data transfer.
By analyzing the communication channels opened by 500 of the most popular Android apps on the Google Play Store, the researchers found that roughly 50% of them made external communications that have no effect on the app functionality and have no bearing on user experience.
The researchers analyzed the apps by mapping out all of the possible ways that data can flow through an app. They used analytic tools to determine whether a given command to open a communication channel will result in any output on the mobile's display or speaker.
They produced modified versions of the apps, in which the covert communications were disabled. They then compared the performance of the modified and the original versions of the apps.
The study found that 30 of 47 analyzed apps showed no difference in performance between the two versions.
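As an added illustration (not the researchers' tooling), the classification and comparison steps described above can be sketched as reachability over a data-flow graph: a network channel counts as covert when nothing it receives can reach a display or speaker sink. The graph, node names and hostnames below are constructed for this example.

```python
from collections import deque

# Constructed data-flow graph for a hypothetical app: an edge A -> B means
# data produced at A can flow into B. "net:" nodes open a network channel;
# "ui:" and "audio:" nodes are user-observable sinks (display, speaker).
FLOWS = {
    "net:api.shop.example/search": ["parse_results"],
    "parse_results": ["ui:result_list"],
    "net:cdn.shop.example/jingle": ["decode_audio"],
    "decode_audio": ["audio:speaker"],
    "net:stats.tracker.example/event": ["log_status"],
    "net:ads.tracker.example/config": ["cache_config"],
    "cache_config": ["log_status"],
    "log_status": ["cache_config"],  # cycle: traversal must not loop forever
}
SINK_PREFIXES = ("ui:", "audio:")

def reachable(graph, start):
    """Breadth-first search: every node that data from `start` can reach."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def user_sinks(graph, start):
    """Display/speaker sinks that data from `start` can reach."""
    return {n for n in reachable(graph, start) if n.startswith(SINK_PREFIXES)}

def classify(graph):
    """Label each network channel 'overt' or 'covert'."""
    return {n: "overt" if user_sinks(graph, n) else "covert"
            for n in graph if n.startswith("net:")}

def disable_covert(graph):
    """Modified app: the same graph with the covert channels removed."""
    labels = classify(graph)
    return {n: out for n, out in graph.items() if labels.get(n) != "covert"}

def all_user_sinks(graph):
    """Everything the user can observe as a result of network traffic."""
    nets = [n for n in graph if n.startswith("net:")]
    return set().union(*(user_sinks(graph, n) for n in nets))

if __name__ == "__main__":
    for channel, label in classify(FLOWS).items():
        print(f"{label:6} {channel}")
    print(all_user_sinks(FLOWS) == all_user_sinks(disable_covert(FLOWS)))
```

In this model, removing the covert channels leaves the set of user-observable outputs unchanged, which is the property the modified-versus-original comparison checks for.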
The study also reported that one of the apps that allow covert communications is the Walmart app. The app sends information to a server that appears to be associated with eBay whenever users scan the barcodes of products in the app.
Other apps like Twitter, Pandora, and Spotify have also been covertly collecting information and transmitting data from the users' mobiles.
One of the very few apps that have no covert communications is Candy Crush Saga.
According to ZDNet, the main sources of covert communications are Google services and various mobile advertising and analytics services.
The top 10 app developers that allow covert communications include Google's background service, Gameloft, InMobi, Millennial Media, MoPub, Tapjoy, Facebook, and Flurry.
The study has raised concerns about privacy and performance, as the covert communications used a lot of the battery and consumed mobile data allowance without the users knowing it.
According to Engadget, the concern is also that the app developers don't inform the users about what they're doing with the covert data transfers. The apps could put the users' information at risk.