Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Detect Android Apps That Connect to User Tracking and Ad Sites

Posted by samzenpus on from the don't-track-me-bro dept.

An anonymous reader writes: A group of European researchers has developed software that tracks the URLs to which cellphone apps connect. After downloading 2,000+ free apps from Google Play, they indexed all the sites those apps connected to, and compared them to a list of known advertising and user tracking sites. "In total, the apps connect to a mind-boggling 250,000 different URLs across almost 2,000 top level domains. And while most attempt to connect to just a handful of ad and tracking sites, some are much more prolific. Vigneri and co give as an example "Music Volume Eq," an app designed to control volume, a task that does not require a connection to any external urls. And yet the app makes many connections. 'We find the app Music Volume EQ connects to almost 2,000 distinct URLs,' they say. [Another major offender] is an app called Eurosport Player which connects to 810 different user tracking sites." The researchers plan to publish their software for users to try out on Google Play soon.

3 of 74 comments (clear)

  1. Nothing new by jbernardo · · Score: 5, Insightful

    We should know by now what are the costs of "free". That is why I use a hosts file for ad and tracking block.

    I only wonder why they only tested android apps, and left out IOS apps. Without this comparison, the first paragraphs of the article, blaming the tracking and ads on the openness of Android, is little more than wistful thinking.

  2. Have you looked at website internals lately? by Anonymous Coward · · Score: 5, Insightful

    Dozens of external domains are not unusual anymore. Many web sites are unusable and unreadable without at least access to one CDN domain. Many also rely on script libraries on third party hosts. It's fucked up.

    1. Re:Have you looked at website internals lately? by TWX · · Score: 4, Insightful

      I just don't get the third-party script libraries thing. Seems like an AWFUL idea for anything beyond a read-only bulletin board for a club or group to post their agenda and interests on such that it's not directly affiliated with Facebook or another 'social networking' site.

      If you're running a business using a site, or are using forums or other interactive, feedback-driven system, trusting your libraries and passing data to third parties seems like a terrible idea. Bad enough for your own server to be penetrated and your libraries or scripts messed with, but much worse now that those with malicious intent have one-stop shopping to screw over loads of users and sites.

      --
      Do not look into laser with remaining eye.