Slashdot Mirror


Researchers Detect Android Apps That Connect to User Tracking and Ad Sites

An anonymous reader writes: A group of European researchers has developed software that tracks the URLs to which cellphone apps connect. After downloading 2,000+ free apps from Google Play, they indexed all the sites those apps connected to, and compared them to a list of known advertising and user tracking sites. "In total, the apps connect to a mind-boggling 250,000 different URLs across almost 2,000 top level domains. And while most attempt to connect to just a handful of ad and tracking sites, some are much more prolific. Vigneri and co give as an example "Music Volume Eq," an app designed to control volume, a task that does not require a connection to any external urls. And yet the app makes many connections. 'We find the app Music Volume EQ connects to almost 2,000 distinct URLs,' they say. [Another major offender] is an app called Eurosport Player which connects to 810 different user tracking sites." The researchers plan to publish their software for users to try out on Google Play soon.
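The comparison described in the summary above (index the destinations each app contacts, then match them against a list of known ad and tracking sites) can be sketched as follows. This is an added example, not the researchers' software; the app names, domains and capture are constructed, and bare-IP destinations are reported separately because a hostname list cannot classify them.

```python
"""Added example: classify per-app network destinations against a tracker list."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist entries (hypothetical domains under the reserved .example TLD).
TRACKER_DOMAINS = {"ads.example", "metrics.example", "track.adnet.example"}

# Constructed capture of (app name, requested URL) pairs; not data from the study.
CAPTURE = [
    ("volume-app", "http://cdn.ads.example/banner.js"),
    ("volume-app", "https://ADS.example./pixel?id=1"),   # case and trailing dot vary
    ("volume-app", "http://metrics.example/v1/event"),
    ("volume-app", "http://203.0.113.7/collect"),        # bare IP, no hostname to match
    ("volume-app", "https://notads.example/home"),       # must NOT match "ads.example"
    ("notes-app", "https://sync.notes.example/api"),
    ("notes-app", "https://track.adnet.example:8443/i"),
    ("notes-app", "https://adnet.example/about"),        # parent of a listed subdomain
]


def host_of(url):
    """Return the normalised host of a URL (lowercase, no port, no trailing dot)."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def is_ip_literal(host):
    """True if the host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def matched_tracker(host, trackers):
    """Return the blocklist entry covering this host, or None.

    Matching is done on whole DNS labels, so a listed domain covers itself
    and its subdomains but not unrelated names that merely end with it.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in trackers:
            return candidate
    return None


def classify(capture, trackers):
    """Group each app's distinct destinations into tracker / ip_literal / other."""
    report = defaultdict(
        lambda: {"tracker": set(), "ip_literal": set(), "other": set()}
    )
    for app, url in capture:
        host = host_of(url)
        if host is None:
            continue  # malformed URL, nothing to classify
        if is_ip_literal(host):
            report[app]["ip_literal"].add(host)
            continue
        entry = matched_tracker(host, trackers)
        if entry is not None:
            report[app]["tracker"].add(entry)
        else:
            report[app]["other"].add(host)
    return dict(report)


if __name__ == "__main__":
    for app, groups in sorted(classify(CAPTURE, TRACKER_DOMAINS).items()):
        print(
            f"{app}: {len(groups['tracker'])} tracker site(s), "
            f"{len(groups['ip_literal'])} bare-IP destination(s), "
            f"{len(groups['other'])} other host(s)"
        )
```
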

74 comments

  1. Nothing new by jbernardo · · Score: 5, Insightful

    We should know by now what are the costs of "free". That is why I use a hosts file for ad and tracking block.

    I only wonder why they only tested android apps, and left out IOS apps. Without this comparison, the first paragraphs of the article, blaming the tracking and ads on the openness of Android, is little more than wistful thinking.

    1. Re:Nothing new by Anonymous Coward · · Score: 0

      How do you install a hosts file on your Android?

      They probably chose Android because the majority of apps are free. If they had to pay for all those apps, it would have been an investment.

    2. Re:Nothing new by Anonymous Coward · · Score: 0

      ios apps do the same thing.. windows 'apps' do it.. they all do it.

      sadly, even the paid apps do it.. and the data from them is even more valuable.. because you've shown a willingness to buy or get suckered by a paid-app.. you could be an easy mark for more.

    3. Re:Nothing new by Anonymous Coward · · Score: 0
    4. Re:Nothing new by Anonymous Coward · · Score: 0

      You need root access to edit it, but it's already there and it's just like your normal hosts file.

    5. Re:Nothing new by Anonymous Coward · · Score: 0

      This isn't something that's unique to free software. Without any comprehensive audit there's really no incentive to 'not' abuse the advertising channels. It's not like the end-users can tell, and it's all free money for the app writers. Why wouldn't you do it?

    6. Re:Nothing new by MouseR · · Score: 1

      Actually, Apple does try to catch those apps that sign out. In the process, they will miss the more cunning ones. And they make false positives.

      One of my free iOS Apps, a RPN stack-based scripting language, came with some sample scripts you could in-click install (aka, move from App bundle into the sandboxed Documents). The App also had a button linking directly to a Wiki explaining the language and had copies of the scripts.

      Somehow Apple evaluated that my App downloaded the sample scripts from my wiki down to the user device. They considered it violated the TAC concerning the "download of executable code" and had refused my original App submission. No amount of debating on the phone with Christ Whats-His-Name resulted in him even wanting to listen, giving me the cold shoulder. I shrugged it off, reworked some of the app and shipped.

      Many revisions later, the App actually still has some sample scripts that it "auto installs". Just no longer has the Wiki link directly (it has a script to access it and now, inline manual).

    7. Re:Nothing new by antdude · · Score: 1

      How do you add a hosts into non-jail broken iOS? I still haven't found a good free non-proxy web browser ad blocker. I found one, but it was a trial.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    8. Re:Nothing new by tlhIngan · · Score: 1

      I only wonder why they only tested android apps, and left out IOS apps. Without this comparison, the first paragraphs of the article, blaming the tracking and ads on the openness of Android, is little more than wistful thinking.

      Well, if the apps are just ports of each other, then it's exactly the same.

      However, if you want to make money, the business models on iOS and Android differ. On iOS, selling a paid app is a really good way to make money - iOS users will pay for apps.

      But on Android, paid apps are put under a huge disadvantage compared to free apps, especially since Google Checkout isn't available in a lot of markets because of regulatory or other issues. Compare paid versions of iOS and Android apps, and iOS pretty much dominates - despite Android's far far far greater marketshare. So if you're a developer, you're going to make your app ad-supported. Not only is this the only business model that works on Android, it's one where you can easily make way more money than iOS.

      Even ad-supported apps on iOS are under disadvantage - Apple has restricted what you can do to track users, for example. If you try to get the UUID, your app gets a unique per-app one, so even if two apps use the same ad networks, they appear as two separate users. And an iOS user can reset them at will. And Apple asks you why you're getting the UUID, as well. Also there are restrictions on accessing contacts, location, photos (which can proxy for location).

    9. Re:Nothing new by reikae · · Score: 1

      There are many, many wonderful desktop applications for all operating systems that are free (as in beer) and don't track the user or display advertisements. So it's not immediately obvious that "free" programs come with strings attached. I wonder why it's so different on mobile platforms; is it just easier to do tracking and ads there?

    10. Re:Nothing new by Anonymous Coward · · Score: 0

      That is why I use a hosts file for ad and tracking block.

      Hosts files can only block traffic to host names, not to bare IP addresses.
      I use the built-in iptables firewall (using the DroidWall frontend) to block any connection I don't explicitly whitelist.

    11. Re:Nothing new by Anonymous Coward · · Score: 0

      fdroid.org has AdAway and AdBlock which do the work for you. That, plus Lucky Patcher to disable Ad Services, takes care of most of the problem.

    12. Re:Nothing new by macs4all · · Score: 1

      We should know by now what are the costs of "free". That is why I use a hosts file for ad and tracking block.

      I only wonder why they only tested android apps, and left out IOS apps. Without this comparison, the first paragraphs of the article, blaming the tracking and ads on the openness of Android, is little more than wistful thinking.

      I am as big an Apple enthusiast (not fanboi) as they come; but I was wondering the same thing; if, for nothing else, bragging rights for iOS.

      But seriously, though, the study is rather useless without comparative data.

  2. Have you looked at website internals lately? by Anonymous Coward · · Score: 5, Insightful

    Dozens of external domains are not unusual anymore. Many web sites are unusable and unreadable without at least access to one CDN domain. Many also rely on script libraries on third party hosts. It's fucked up.

    1. Re:Have you looked at website internals lately? by TWX · · Score: 4, Insightful

      I just don't get the third-party script libraries thing. Seems like an AWFUL idea for anything beyond a read-only bulletin board for a club or group to post their agenda and interests on such that it's not directly affiliated with Facebook or another 'social networking' site.

      If you're running a business using a site, or are using forums or other interactive, feedback-driven system, trusting your libraries and passing data to third parties seems like a terrible idea. Bad enough for your own server to be penetrated and your libraries or scripts messed with, but much worse now that those with malicious intent have one-stop shopping to screw over loads of users and sites.

      --
      Do not look into laser with remaining eye.
    2. Re:Have you looked at website internals lately? by coofercat · · Score: 1

      Worse - if you're using Adobe SiteCatalyst analytics (and probably others), you need* to create a domain below yours for the tracking to go to (basically, create a CNAME to their server somewhere in your domain). That means Adobe get to see all the cookies you set in the root of your domain (and I'll bet you don't set all your cookies to just your website or webapp). If you're not very careful, that's just about everything you know about your visitors also going to Adobe.

      Ghostery/Adblock or similar are the way to go - the site you're visiting might not really want to know everything about you, but whomever they partner with sure does.

      * I say 'need' because this is how I've seen it done. There may be other, less intrusive ways, and possibly different levels of contract with Adobe that demand different infrastructure.

  3. Stop being evil Google! by DougPaulson · · Score: 4, Funny

    This would never happen if they choose the Microsoft industry standard Windows Store :)

  4. This is why we need free-as-in-freedom apps by ciaran2014 · · Score: 3, Interesting

    This argument is very easy to understand, so it's a great starting point.

    The first targets for a campaign for free software apps should be educational institutions and public services.

    GNU.org has a good list of proprietary software packages with spyware:

    https://www.gnu.org/philosophy...

    --
    Help build the anti-software-patent wiki
    1. Re: This is why we need free-as-in-freedom apps by Anonymous Coward · · Score: 0

      Why doesn't GNU Hurd run on my phone?

    2. Re:This is why we need free-as-in-freedom apps by Anonymous Coward · · Score: 0

      Don't be stupid.

      The most expensive part of the computer now is the idiot at the keyboard.

      If you can make a person more productive, say 1 hour a week, that's over 150 hours over 3 years. If their time costs $60/hr (labour, office space, lab space etc etc all add up to way more than this) that comes to $9,000, i.e. way more than the cost of the hardware and software combined.

      We give our staff Windows / OS X / Linux to suit their needs and their job to make them the most productive we can.
      More productivity = more grants, better academic scoring (for state funding), more students due to better reputation = more money

      what you propose is little better than anti vaccine mantra.
      Truth and consequences be damned so long as the mantra is followed.

    3. Re: This is why we need free-as-in-freedom apps by TWX · · Score: 1

      Why doesn't GNU Hurd run on my phone?

      'cause it doesn't run on any real hardware?

      --
      Do not look into laser with remaining eye.
    4. Re: This is why we need free-as-in-freedom apps by Aighearach · · Score: 1

      Why doesn't GNU Hurd run on my phone?

      Because you didn't finish installing it.

    5. Re:This is why we need free-as-in-freedom apps by viperidaenz · · Score: 1

      The most expensive part of the computer now is the idiot at the keyboard.

      If you can make a person more productive, say 1 hour a week, that's over 150 hours over 3 years they spend doing more work instead of browsing slashdot.org and facebook.com

      FTFY.

      The time saved/money saved equation is not simple or universal.
      If you save someone 5 minutes a day at their job, they'll probably just spend 5 more minutes fucking around.
      There are some exceptions, like high volume call centres where staff are basically robots. But most other jobs are not time managed down to the second.

    6. Re:This is why we need free-as-in-freedom apps by pnutjam · · Score: 1

      Hey! I resemble that accusation!

  5. TANSTAAFL by Anonymous Coward · · Score: 0

    As Heinlein famously put it in his The Moon is a Harsh Mistress (and he was just echoing the sentiment), There Ain't No Such Thing As A Free Lunch -- or in this case, a free app.

    If they're not charging you, then you (or your time, your attention, or your information) are the product they're charging somebody else for. Or as Heinlein would have put it, even at a charitable soup kitchen you're going to have to listen to a sermon.

    1. Re:TANSTAAFL by WaffleMonster · · Score: 4, Interesting

      As Heinlein famously put it in his The Moon is a Harsh Mistress (and he was just echoing the sentiment), There Ain't No Such Thing As A Free Lunch -- or in this case, a free app.

      If they're not charging you, then you (or your time, your attention, or your information) are the product they're charging somebody else for. Or as Heinlein would have put it, even at a charitable soup kitchen you're going to have to listen to a sermon.

      I don't think cost explains or excuses this phenomenon. There is always a motive for doing anything but traditionally much of it was side projects, hobbies, getting famous, filling resumes, PR and making money off pay version upgrades... the primary goal was never making money by fucking people over until the rise of the app store.

      There must be countless hundreds of unique pieces of "free" software I use all the time on my desktop.. none of it is engaged in this bullshit.

      The culprit in my view are perverted market pressures brought about by existence of app stores.

      There is no useful quality filter.. You don't go to Walmart and walk out with a "free" or $3 PS4 title. When everything is free people who want to publish real software get fucked over by everyone expecting free or $1.50 while their product appears as just another piece of flotsam in a vast ocean of mostly useless crap.

      Couple this with undeserved global exposure all apps automatically get regardless of whether they deserve it or not and feedback loops that make profiting from advertising and spying networks easy for app vendors and you get the current cesspool of mediocrity and hostility.

    2. Re:TANSTAAFL by macs4all · · Score: 1

      Yes, there is such a thing as a free app. Hundreds actually. Before Apple ruined it for everybody by starting the app gold rush, the free software world was expanding. Now everybody is led into temptation to "monetize".

      Excuse me: But just HOW did Apple "ruin it for everybody"?

      The "App gold rush" was there because of the insane iPhone sales, and because of Apple's stupendous and unique (at the time) distribution model.

  6. Still no granular app permissions in Play Store by Anonymous Coward · · Score: 4, Informative

    What, you thought that every app asking for access to your contacts, wifi status and network access were doing it because it was helpful?

    1. Re:Still no granular app permissions in Play Store by TWX · · Score: 2

      It took far longer than it should have to find a flashlight app to just toggle the flash on and off that didn't require access to more than the camera. For those that care the app I use is called "LED Light".

      --
      Do not look into laser with remaining eye.
    2. Re:Still no granular app permissions in Play Store by viperidaenz · · Score: 2

      There's an app for that?
      I use the built in functionality of Android. It's right there in the Lollipop notification thing.

    3. Re:Still no granular app permissions in Play Store by TWX · · Score: 1

      Back when I initially wanted one there was no single click solution to quickly turn on the light. That may have changed in the intervening years.

      --
      Do not look into laser with remaining eye.
  7. Why? by koan · · Score: 1, Interesting

    Doesn't Android allow the user to set permissions?

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re: Why? by Anonymous Coward · · Score: 0

      Nope.

      You can see the permissions the app uses and...that's it.

      There's no control: you either install the app and allow it to do whatever it wants, or not install it.

      There is CyanogenMod (an alternative os), though, that lets you control application access to contacts, location, etc. But you have to have a "blessed" device that allows you to install it.

    2. Re: Why? by Anonymous Coward · · Score: 0

      But you have to have a "blessed" device that allows you to install it.

      How unfair. Who is in charge of blessing?

    3. Re:Why? by Dwedit · · Score: 1

      There is App Ops, built into the OS in a hidden menu, but that has one of the worst user interfaces I've ever seen. It's pretty much unusable.

    4. Re: Why? by viperidaenz · · Score: 2

      The people who devote their time and skills, free of charge, to port CyanogenMod to specific hardware.

    5. Re:Why? by ComputersKai · · Score: 2

      AppOps allowed you to control some permissions, but it got removed/disabled in later Android versions. XPrivacy, which also allows some finer permission control, still functions well, and it has the ability to pass fake data to applications that request it. If you have CM it will probably have the PrivacyGuard tool built in, which also can restrict app access to data, like contacts and other personal stuff.

    6. Re: Why? by GTRacer · · Score: 1

      Don't forget XPrivacy (requires root and the XPosed framework). This essentially replaces App Ops with the added functionality of providing fake info rather than straight blocking permissions. That is, if you block Contacts, apps can request a Contacts instance but it comes back with no records. Location can be spoofed at random or to a value of your choosing. Internet/Wifi access can be blocked but appear as "no signal" so the app will (hopefully) fail over to offline mode, while the rest of your phone continues online.

      I've been using XPrivacy for about 2 years now and can't imagine an Android device without it. I also have a very minimal HOSTS file to block the worst pop-up offenders, but I've been thinking on and off about going the full iptables firewall route. I used to use ZoneAlarm on PC to see what programs were trying to connect *to*, as much as for blocking inbounds. I miss that on Android...

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
  8. What's a phone for? by Anonymous Coward · · Score: 0

    Seems like those companies are making good use of your personal tracking devices!

    It's dirty practices, but not entirely unexpected or new.

  9. Free as in ads for beer by Anonymous Coward · · Score: 0

    If you're getting Android apps from somewhere besides F-Droid but paying nothing, you're paying for them with ad impressions and/or personal info.

    1. Re:Free as in ads for beer by Aighearach · · Score: 3, Informative

      And often even on F-Droid.

      A lot of F-Droid apps ask for extra permissions. Instead of just trusting them, I download the source, reduce the permissions, and then run the app. If it is trying to use those extra permissions I took out, then it will crash when it tries. Almost all the apps (on f-droid) that claim not to actually use those permissions unless some feature is turned on will actually crash without them. Then I go in and comment out the sections of code that cause the app to crash. That way I don't need to audit their source, just debug the crashes.

      It is a total PITA but it is the only way to get the tracking code out; even on "free" software.

    2. Re:Free as in ads for beer by mrchaotica · · Score: 2

      Do you report the results to F-Droid, and/or upload your "clean" version of the program? It'd be nice if you did, and I get the impression that the F-Droid repository maintainers care about stuff like that (so they'd welcome your contribution).

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    3. Re:Free as in ads for beer by Anonymous Coward · · Score: 0

      Since you're already doing the work anyway, a lot of people would appreciate it if you would share the results.

    4. Re:Free as in ads for beer by Aighearach · · Score: 1

      They're the same people making the false claims about what the apps do or don't do, so why would I run to them as a trusted party?

      If they were actively addressing this and warning users and removing apps based on this, then there would be something for me to contribute to.

      As it is now, telling them would be like a feature request; talking about something they don't care about, and trying to persuade them.

      They flag git apps for having github integration with giant "promotes non-free services" ads, even if there is no actual promotion, just API support, and yet they have versions of things where the effort has been made to compile without google libs, but that still ask for device ID. For example, their version of the google sky map app, they go to the trouble to compile with certain libraries replaced, but they leave in the part where it asks for the device ID, etc. It is a totally passive app with no legit use at all for device ID. No warnings.

      They only care about copyright, they do not care about privacy. Freedom to them is a legal technicality, not something affected by a real loss of user privacy. It is just a checklist.

      As far as, do I upload my versions, no. Users are assholes, especially on the internet. If there was an uproar about these privacy issues, I'd probably be contributing to some repository created to serve people who care about it. But if I'm the only one making the changes, I don't benefit. In fact, as my forks get out of sync with the originals, it would just generate increasing silly tickets and package management work.

      You can simply observe the responses I get here when talking about it, and it is obvious that sharing the work would be a waste of time for me.

    5. Re:Free as in ads for beer by mrchaotica · · Score: 1

      They flag git apps for having github integration with giant "promotes non-free services" ads, even if there is no actual promotion, just API support, and yet they have versions of things where the effort has been made to compile without google libs, but that still ask for device ID. For example, their version of the google sky map app, they go to the trouble to compile with certain libraries replaced, but they leave in the part where it asks for the device ID, etc. It is a totally passive app with no legit use at all for device ID. No warnings.

      I've just done a search in F-Droid for 'git' and looked through all the results. I found the following:

      • Github, the "official Github Android App" has a red warning that says "This app promotes non-free network services."
      • OctoDroid, described as a "GitHub Client" (not a "git client," a "GitHub client") which says that it "supports all the basic github.com features" does NOT have a red warning.

      Having never used either app I don't know how fair F-droid's choice to display the warning in one case but not the other actually was, but it at least seems plausible to me that the "official" app would be more likely to "promote" the service than other apps.

      As for Sky Map, if the program is indeed using the Device Id for some nefarious purpose, I'd expect a red warning saying "this app tracks and reports your activity" (or whatever message was appropriate). In the absence of such a message, I would assume that either the app isn't actually doing anything (and the F-droid people think it's sufficient to let the Android permissions dialog handle informing the user of a permission that doesn't matter) or the lack of warning is an oversight on F-droid's part (I mean, clearly, if F-droid has a tracking anti-feature, failing to mark an app that does tracking with it is certainly a bug).

      I would also say that even if we don't *know* that the app is doing something nefarious, the existence of unnecessary permissions itself merits a red warning message (or at least a yellow caution message), and would like to see such a policy/feature implemented. However, I don't think the lack of such a feature constitutes "false claims" on the F-Droid maintainers' part.

      The bottom line is that if your allegations about F-droid are true, then you're justified in being upset, but I'm not sure those issues deserve to be ascribed to malice when there's still enough reasonable doubt (IMO) to ascribe them to accident.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    6. Re:Free as in ads for beer by Aighearach · · Score: 1

      You're asserting that an unnecessary permission merits a red warning, and if that was true everything else you say would have meaning.

      But since that isn't actually what f-droid is doing, since that is not the policy, none of the other stuff follows.

      And no, I'm not "upset" and being so would indeed be unjustified; they have no expectation to value my privacy, or to share my values. They simply don't share the values of privacy that many people casually assume they do, and I try to raise awareness of that. If others decide to value privacy and either start a new repo or convince f-droid to change, those are both fine. And if nobody cares, then people just have different values than me.

      I only use open source, and as a programmer removing the permissions and related code is fairly easy. Even if it was rational for me to be upset, it would be a waste of time because I'm already overcoming the problem on my own. Non-programmers should be upset at the lack of choices, but not at f-droid. F-droid is providing additional choice and that is a positive service even if they don't share my values. If there were even more (bad) choices, that might create enough competition between repos for somebody to put privacy as a primary value. It wouldn't be a popular repo, but there would be contributors!

    7. Re:Free as in ads for beer by mrchaotica · · Score: 1

      they have no expectation to value my privacy

      That's not true. They do care about privacy, which is why they have that tracking antifeature that I mentioned before. You can't discount that! The only difference between what they're doing and what you apparently want them to be doing is that they don't assume that just because something is using an unnecessary permission it means it's violating the user's privacy. You can argue that maybe they're wrong for failing to assume that, but you have to acknowledge that there's a difference between F-Droid not being perfect vs. F-Droid not giving a shit.

      Have you ever tried bringing this issue up with the F-Droid folks? If you haven't, I wouldn't be surprised if they're more receptive to it than you think, especially since you have patches to submit instead of just an idea.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  10. No. by Anonymous Coward · · Score: 4, Informative

    The user can see what permissions the app requires, and choose whether or not to install the app.

    You need a special app with root permissions to set up your own blocks (which, of course, might break the app you are firewalling).

    1. Re:No. by Anonymous Coward · · Score: 0

      Privacy is one of the main reasons to root a device...
      * AFWall+ to block internet connections for apps that have no business going online
      * XPrivacy to mitigate privacy risks for all other apps

      Also Firefox for Android with NoScript and Ghostery

      And of course AdAway

  11. The review, it does something... as does sandbox by SuperKendall · · Score: 1

    I agree it would have been really illuminating to do the same test for a large range of free iOS apps.

    However I think that you wouldn't see the most egregious of tracking stuff going on in iOS, for two reasons:

    1) iOS reviews would I think alarm on something connecting to 810 different tracking sites. Definitely if you were trying to do anything like that in the background.

    2) There's simply not as much data to gather. Most Android apps ask for all possible permissions, because why not? You're probably not going to read it anyway. With the iOS permissions as they are the user is going to think "why is this app which has nothing to do with contacts, asking for contacts" (or location, or photo library, or health data, etc).

    That said I'm sure many free apps on iOS are doing everything they can possibly get away with, and I would love to see quantified just what that is.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  12. Same stuff on iOS... by Anonymous Coward · · Score: 1

    Jailbreak an iPhone, load and run Firewall IP. Download most apps from the App Store... and watch as the app connects to many, many sites before the app does a single thing.

    The only difference in iOS is that there are no tools to catch a specific app in action.

  13. Nothing new by Anonymous Coward · · Score: 0

    I work with a guy who wrote gamespector, which was quite a popular app until google kicked it out of the play store. The app can detect ads, tracking, GPS & microphone use, etc, and can remove ads from apps on rooted phones.

  14. Apps? by Anonymous Coward · · Score: 0

    Are people still loading software from strangers onto devices with all their personal info? Welcome to the surveillance network.

  15. Not really surprising by belthize · · Score: 1

    I never really understand why folks are surprised by this kind of thing. There's nothing fundamentally different between a Windows box attached to the internet in the late 90s and a cell phone except that a heck of a lot more people have cell phones and they're easier to connect to a remote site. Both systems are perfectly happy to let you install random software you found god knows where that does god knows what. All that's really changed is the admission bar has lowered.

    They should be ecstatic that all these apps do is send some tracking info to a few thousand sites.

  16. Hosts file by Dwedit · · Score: 1

    Root phone, install hosts file, problem solved. Well, solved if you can root.

    1. Re:Hosts file by pkinetics · · Score: 2

      assuming you can obtain a list of all the sites that are being called

  17. Re:The review, it does something... as does sandbo by AuMatar · · Score: 5, Informative

    1) Not necessarily. Something as simple as not enabling that code for a month after release would get it by reviews. They aren't reviewing source code, they're reviewing behaviors. Just like you don't speed when there's a cop right behind you, you wouldn't connect when you're being watched.

    2) They ask for a lot of permissions because the permissions aren't fine grained enough, and because polish requires it. For example I had an app that did sound effects when you tapped a key. The OEM requested that we turn off sounds when the user is in a call so they wouldn't play on the other end. This reasonable request required a new permission (CALL_STATE IIRC), which actually gave us much more info than we wanted (we got to find out when calls started, ended, and the connection number which we didn't need). But if you just looked at our permissions your reaction would be "why do you need to know who I'm calling"? We didn't; there was just no way to request less info, we didn't even look at the number.

    One of the big problems was that Google redesigned the play store to be less scary and show fewer permissions. One of those was that any app could request internet permission without it showing up. That was just wrong.

    What we really need is the ability to turn on and off specific permissions by app. Perhaps with the ability to limit internet permission to certain IPs/URLs per app. That would solve most of the problem.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  18. New app to watch apps ... by Obfuscant · · Score: 1

    yum install tcpdump

  19. Cyanogen mod Privacy Guard by Anonymous Coward · · Score: 1

    And hence the reason customers want OnePlusOne and Cyanogenmod, because it includes a privacy tool that lets you remove the permissions from apps like "Music Volume EQ"

    http://www.androidcentral.com/cyanogenmod-updating-privacy-guard-20-new-features-coming-cm102

    A similar tool was pre-released by Google in v4.3, then removed claiming it broke applications. I suspect the reality was, that if you could remove privacy invading things from apps, then lawsuits would make it work also for Google Apps and that was against Google's business model.

    https://www.eff.org/deeplinks/2013/12/google-removes-vital-privacy-features-android-shortly-after-adding-them

  20. Re:The review, it does something... as does sandbo by SuperKendall · · Score: 2

    1) The app has to declare if it's going to be doing background processing, and you have to give a reason why they will accept. So not just any app can do that.

    What we really need is the ability to turn on and off specific permissions by app. Perhaps with the ability to limit internet permission to certain IPs/URLs per app. That would solve most of the problem.

    I thought Google added that ability in an early 4.0 or 5.0 version of Android, but then backed it out... Sadly I think because too many apps react badly when permissions are withdrawn it expects to run. The whole model creates a bad precedent I think where you assume you'll have all the app permissions you requested and so if any are withdrawn individually (which advanced users can do) the app is prone to break even though it could carry on just fine if it had been coded to detect that one permission was disabled. Google is going to have to bite that bullet at some point.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  21. Load balancing and cookies by Anonymous Coward · · Score: 0

    Like cookies, spyware needs love and load balancing..

  22. The problem by koan · · Score: 1

    For me is that no matter how well I take care of information if someone sticks it into their Android and runs one of these apps there goes that phone number.

    In fact shortly after my buddy bought a Nexus 7 (he installs EVERYTHING on it...) I started getting txt offers from Chinese retailers and my number blew up with various other issues.

    Nothing for years then this...

    Now I can't prove it was his device and his bad habit of installing anything, but the timing works.

    --
    "If any question why we died, Tell them because our fathers lied."
  23. Re:The review, it does something... as does sandbo by AuMatar · · Score: 1

    I think internally they have such a tool and use it in testing all the time. I don't predict them exposing it any time soon. It was released by accident, but pulled very quickly. And their changes to permissions on the Play Store go the opposite way.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  24. Re:The review, it does something... as does sandbo by gumbi+west · · Score: 1

    Android Apps don't ask for permissions, they list demands. Once you've installed the App, you're just forced to just live with all their demands, uninstall, or root your phone. iPhones, on the other hand, allow you to grant and revoke permissions on the fly.

    I realize that here on slashdot, rooting your phone may not seem like a big deal, but it's a pain and violates my agreement with my carrier--not something I'm willing to do.

  25. Where's the list? by Anonymous Coward · · Score: 0

    My hosts file is only blocking ~40,000 crap sites. I'd like to bulk that up to 250,000.

    So where's the list?

  26. AdAway by hack++slash · · Score: 2

    Since installing AdAway on my Android devices it has eliminated most of the banner adverts in apps. I wonder how the researchers' results would stack up after installing AdAway.

    --
    To do something right, you often have to roll up your sleeves and get busy.
  27. How many connections... by KreAture · · Score: 1

    So, how many connections will their new app do?
    Can we use the app to monitor the same app?

  28. Re:The review, it does something... as does sandbo by Lennie · · Score: 1

    I would rather see most apps just use intents:

    http://developer.android.com/g...

    Need an image because you are the QR-code app? Ask the image 'app'. The user can pick to choose the camera app and make a picture if he/she wants or grab an image from the image gallery app.

    Need a contact? Ask the contact 'app'.

    Now most apps don't need any permissions any more. And the user knows what data the app gets because the user chooses the data and the app the data came from.

    --
    New things are always on the horizon
  29. Started to remove apps ... by gstoddart · · Score: 1

    I've been forced to start removing apps from my phone.

    I have an older Android phone, and don't have (or want) a data plan.

    A while ago, when I got voicemail and the notification for it, I'd get a text message from my ISP saying that something on my phone was trying to connect to the internet.

    Basically some app I had had decided that it needed to notify someone when I got a phone message, but it failed because I didn't have a data plan.

    Then I started removing apps and testing, and eventually got it pared down enough that it didn't happen.

    Basically most apps are written by greedy bastards who don't give a crap about your privacy and your security. And if Google won't give me fine grain control to say "I don't care if *you* want to connect to the internet" and disable it, then I'm simply not going to trust the apps.

    It has gotten to the point where I have to assume most software is actually hostile to me. If it can't pass the airplane mode test, it generally gets deleted.

    I would definitely install this app, and use it to identify shady apps which need to be deleted.

    --
    Lost at C:>. Found at C.
  30. Re:The review, it does something... as does sandbo by gauauu · · Score: 1

    What we really need is the ability to turn on and off specific permissions by app. Perhaps with the ability to limit internet permission to certain IPs/URLs per app. That would solve most of the problem.

    This is the #1 reason why I install cyanogenmod on every phone I use. It lets you deny/approve individual permissions per app.

  31. Here's a way to get them... apk by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ 32/64-Bit SR-2 http://start64.com/index.php?o...

    * It populates hosts files with the MOST current data for threats (& other things like adbanner blocking, trackers, phish/spam, + other malicious threats out there too) from 10 reputable & reliable sources in the security community itself, which is rarely far behind when finding say, C&C servers for botnets etc. (malwares in general),

    APK

    P.S.=> MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it (near the top of that site) -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    ... apk