The researchers produced modified versions of 47 of the top 100 Android apps to prove their analytic technique. The communication channels in the Android apps that their tools recognized as covert were disabled. Then, in a series of studies, the performance of the modified and unmodified versions of the program were compared. Out of the 47 modified apps, 30 subjects could not figure out the difference between the two versions. While in the remaining 17 instances, nine apps had missing advertisements, three apps had minor differences, and the remaining five apps stopped working completely. To get an insight about the possible purposes of apps covert communication, some data traffic of the most popular apps were analyzed by the researchers. For instance, when a Walmart app sends information to eBay whenever you scan a barcode has no practical effect on it when you disable that connection. Similarly, the popular Candy Crush Saga game appeared to engage in no covert communication. This doesn’t mean that the issue is Android-specific or the data itself is suspicious. Half of the communication connections come down to analytical data like crash and performance reports, which are present on iOS and other platforms. Some of it may be anticipatory, in an attempt to guard against interruptions in Internet connectivity. These titles don’t say what they are doing with these communications which becomes more of a concern. While the activity is likely to be unharmful, even the best-intentioned developers could be party to breaches of privacy or security by putting your info in danger for no reason. Resource: MIT
