Did you just use a free app on your Android phone? Without knowing it, you may have just visited thousands of advertising websites, tracking websites, even sites loaded with malware.
Cyber security researchers in France have discovered that certain Android applications not only help secretly track your every move, but they potentially give your information to hundreds of thousands of other websites.
The research, published in the MIT Technology Review, was done by Eurecom of France. Researchers focused on the Google Play Store, which has more than 1.2 million apps, making it “the largest and most prevalent Android marketplace today.” They downloaded 2,146 free Android apps from the 25 app categories in Google’s Play Store.
Next, they launched each free app on a Samsung Galaxy S3 smartphone set up to funnel all of the traffic through the team’s server. They then recorded all of the web sites each app tried to connect to. What they found is stunning.
The apps, according to Eurecom, were connecting to about a quarter million external web pages. According to the research, one app, Music Volume EQ, connected to more than 2,000 distinct third parties. The researchers also found 30% -- or more than 640 free apps -- linked to websites that secretly track you.
According to security experts, since free apps have to make money somewhere, they get paid by, say, advertisers who voraciously want your data, including domains like Google’s doubleclick or admob. The researchers found that, of the 20 most frequently contacted domains, nine out of 10 corresponded to various Web services run by Google.
Whatever information you loaded into your application for your free app may be shared without you knowing it. The Eurecom Taming the Android App Store report also indicates that Google Play store has a more lax, less controlled app environment than the Apple store. Google did not immediately respond to a request for comment from FOX Business.
The apps Eurecom monitored, besides Music Volume EQ, include signal.booster.conchi, VidTrim, Football 365, Nail Art Tutorials 2014, The Weather Channel, Logo Quiz, PowerAmp Music Player, Music Explorer, and Motor Racing News. All of these apps were found to be linking out to other sites.
While more than 70% of the apps Eurecom studied did not connect to any user tracking sites, “those that do can be extravagant, some connecting to more than 800 user tracking sites,” the researchers said.
“We find several instances of overly aggressive communication with tracking websites, of excessive communication with ad-related sites, and of communication with sites previously associated with malware activity,” the Eurecom report said. "Moreover, some of the applications being of dubious origin, there are no mechanisms for users to understand who the applications are talking to, and to what extent.”
The study comes as the European Union is weighing new regulations to clamp down on the world's biggest Internet companies. The EU recently accused Google of abusing its market power. The European Commission is working on sweeping new rules for the technology industry that could affect numerous companies, ranging from Amazon, Google to sharing companies like Uber or Airbnb Inc. The EC is also looking into how transparent web companies are about how they store and use data and display search results.