Top Android app devs found exfiltrating mystery stealth packets
Half of covert packets are about analytics, half are a mystery
Four researchers have found two thirds of the most popular Android apps indulge in seemingly-useless covert chatter with remote servers.
Top developers including Gameloft, Unity3d, and grillgames are implicated to varying degrees.
The chatter has no use to users. About half of the traffic is related to analytics, such as that used by Twitter and Pandora, with the rest of unknown purpose.
They make the findings in the paper Covert Communication in Mobile Applications (PDF)
"Analytics services collect information about application performance, crash and usage data, as well as the exact actions the user performs within the app. While this information has a clear value to the developer, no apparent description specifying the nature and frequency of the data collection is presented to the user.
In fact, some applications start collecting analytics information even before they get activated. For example, twitter, Walmart and Pandora start their data collection as soon as the phone is booted and continue, periodically, during the phone’s entire up time, even if the applications themselves were never used. In most cases, the user cannot opt-out from such data sharing without uninstalling the application. "
Five apps died when the covert chatter was killed off after the code in question was manipulated by the research team.
The team of Massachusetts Institute of Technology's Julia Rubin, Michael I. Gordon, and Martin Rinard, and Global InfoTek's Nguyen Nguyen, found the component com.google was used in three quarters of covert chatter starting nearly 2000 calls or about half of all measured. ®