acm-header
Sign In

Communications of the ACM

ACM TechNews

When Apps Talk Behind Your Back


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Popular android apps could be compromising users' security, UCR researchers have shown.

A study by researchers at the University of California, Riverside found nearly 9% of popular apps downloaded from Google Play actually interact with websites that could compromise users' security.

Credit: UCR Today

University of California, Riverside (UCR) researchers recently conducted a study, which found nearly 9% of popular apps downloaded from Google Play interact with websites that could compromise users' security and privacy.

The researchers are developing the Android URL Risk Assessor (AURA) so users can evaluate the riskiness of individual apps before downloading them. They conducted a large-scale analysis of URLs embedded in 13,500 free android apps downloaded from Google Play. "We focused on a relatively neglected aspect of security research, which is the potential for good apps to leak personal information through the sites they interact with," says UCR professor Michalis Faloutsos.

The researchers used AURA to identify more than 250,000 URLs accessed by the 13,500 apps, which were then cross-referenced for trustworthiness using VirusTotal, a database of malicious URLs, and Web of Trust, a website rating system. The researchers found almost 9% of the popular apps interacted with malicious URLs, and 15% talked to bad websites. In addition, 73% of the apps talk to low-reputation websites, and 74% talked to websites containing material not suitable for children.

The researchers note that although these results are troubling, they only show users are potentially exposing themselves to risk, not that each of these interactions would necessarily result in negative consequences.

From UCR Today
View Full Article

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 

No entries found