NoSuchApp Warns Android Users About Suspicious Behaviour of Apps
Most of us love Android but when it comes to users’ privacy, we come to know about its darker side. A team of security researchers from France’s Eurecom and Technicolor Research are developing an application that could warn Android users when installed apps are covertly involved in any acts violating users’ privacy or connecting to ad networks. The prototype is named as NoSuchApp (NSA) that monitors traffic and URLs requested by apps to ad-serving and other user-tracking domains. Researchers devised a methodology to extract description of application network behaviour and apply this to variety of apps on Google Play Store.
The team’s original research, made available on Cornell University Library website, informs that the aim of the app is to warn users about behaviour of the already installed apps and remove “bad actor†apps that unknowingly harm user privacy. Researchers Luigi Vigneri, Jaideep Chandrashekar, Ioannis Pefkianakis and Olivier Heen tested and analysed the behaviour of about 2146 apps from Play Store from 25 different categories. Apps were analysed for network connections, URLs requested by them and other parameters using various services. Out of all apps under consideration, 1710 were found with huge traffic activities. Reportedly, these apps connect to almost 250,000 unique URLs from 1985 top-level domains. All found URLs were classified in three categories- tracker URL, ad related and other. The first two categories are self-explanatory while third category was analysed using websense.com service. The overall results were breath-taking as it was found that about 67 percent apps made requests to ad-related URLs and 26.8 percent apps made contact to user tracking services. VirusTotal scan marked about 5.6 percent of URLs as suspicious and Webutation marked 2.9 percent of domains as malicious. The paper mentions that apps from Google Play Store make connections to domains which are not required for its functioning and the app carries out all these activity secretly, without any information to user.
The not-so-user-favourable results lead to the development of watchdog-NSA. NSA works like a local proxy to gather data about traffic and then matches it according to the researchers’ matching process. It does this efficiently without any load to the device. Users can then check for the apps making connections with URLs associated with ad-networks, tracking services and other malware. NoSuchApp helps to blacklist other apps based on what other users observed. The app is being developed only for Android, as researchers believe that Apple’s policies about iOS apps can detect bad elements before the app is available for download. Developers hope to make NoSuchApp available for download on Google Play Store in near future.
Via #-Link-Snipped-#| Original research: #-Link-Snipped-#
The team’s original research, made available on Cornell University Library website, informs that the aim of the app is to warn users about behaviour of the already installed apps and remove “bad actor†apps that unknowingly harm user privacy. Researchers Luigi Vigneri, Jaideep Chandrashekar, Ioannis Pefkianakis and Olivier Heen tested and analysed the behaviour of about 2146 apps from Play Store from 25 different categories. Apps were analysed for network connections, URLs requested by them and other parameters using various services. Out of all apps under consideration, 1710 were found with huge traffic activities. Reportedly, these apps connect to almost 250,000 unique URLs from 1985 top-level domains. All found URLs were classified in three categories- tracker URL, ad related and other. The first two categories are self-explanatory while third category was analysed using websense.com service. The overall results were breath-taking as it was found that about 67 percent apps made requests to ad-related URLs and 26.8 percent apps made contact to user tracking services. VirusTotal scan marked about 5.6 percent of URLs as suspicious and Webutation marked 2.9 percent of domains as malicious. The paper mentions that apps from Google Play Store make connections to domains which are not required for its functioning and the app carries out all these activity secretly, without any information to user.
The not-so-user-favourable results lead to the development of watchdog-NSA. NSA works like a local proxy to gather data about traffic and then matches it according to the researchers’ matching process. It does this efficiently without any load to the device. Users can then check for the apps making connections with URLs associated with ad-networks, tracking services and other malware. NoSuchApp helps to blacklist other apps based on what other users observed. The app is being developed only for Android, as researchers believe that Apple’s policies about iOS apps can detect bad elements before the app is available for download. Developers hope to make NoSuchApp available for download on Google Play Store in near future.
Via #-Link-Snipped-#| Original research: #-Link-Snipped-#
0