RISKY BABLING OF ANDROID APPS

THE RAMPANT, RISKY BABLING OF ANDROID APPS


android-apps-security


By John P. Mello Jr.a
May 19, 2015 5:35 PM PT
Eurecom researchers recently developed an Android application that can monitor the network traffic of other apps to alert users of suspicious or malicious network activity.
With more than 1.2 million applications in the Google Play store, there are multiple programs for performing a particular task. That can make choosing an app a chore for users, noted Luigi Vigneri, Jaideep Chandrashekar, Ioannis Pefkianakis and Olivier Heen in a report released last month.
"Moreover, some of the applications being of dubious origin, there are no mechanisms for users to understand who the applications are talking to, and to what extent," the paper says.
Characterizing the network behavior of an app gives users an idea of how the app will behave after it's installed on an Android device, which is valuable for deciding if they want the app to be installed at all, the researchers explained.
"Given our focus on network behavior, we are interested in identifying the kinds of destinations connected to, whether the application connects to a large number of ad sites, how often it talks to online tracking sites, and whether it communicates with sites that have been deemed suspicious," they wrote.

Rooting Required

After analyzing a large sample of free applications from Google Play, the boffins reached the conclusion that there was a lack of effective tools and mechanisms to audit installed applications and give users greater visibility into application behavior.
To that end, they created an app called "NSA," for "NoSuchApp," which identifies particular types of app connection destinations. The software initially was made available only to reviewers, but the researchers said it would be available on Google Play in the future.
That could be problematic, however, because to do what NSA is described as doing requires an Android phone to be "rooted," which allows a user to gain access to parts of the operating system that they'd ordinarily not have access to.
"A lot of things can go bad in the rooting process," said Bogdan Botezatu, senior e-threat analyst withBitdefender.
"If you're not technical, you could end up with a bricked phone, or allow malware to run with root privileges, which is even worse," he told LinuxInsider. "Companies usually do not like people to root their phones."

No comments:

Post a Comment

Subscribe to: Posts (Atom)