The average free Android app silently connects to more than 100 different web addresses to serve adverts and track users, according to a paper from French research institute Eurecom.

The worst offenders found on the Google Play store connect to orders of magnitude of up to 20 times more sites. One app that does nothing more than control volume “connects to almost 2,000 distinct URLs” when it’s booted up on a phone.

After downloading more than 2,000 free apps from the Google Play store on to an older Samsung phone, the researchers, led by Luigi Vigneri, opened them one by one.

By routing all the traffic through their own network, they were able to find out every web address requested by the applications, and then categorise them based on what they were returning, from adverts to tracking information.

The researchers found that “unsurprisingly, nine of the top 10 in this set correspond to various web services run by Google. The most popular domain in the list, doubleclick.net, is an advertising platform that tracks end users, and also serves up advertisements”.

More than 40% of the apps examined connected to DoubleClick alone, and the only non-Google service in the top ten was a Samsung site used to serve video ads.

While the presence of advertising in free apps is unlikely to surprise users, the frequent involvement of sites that track personal information is less expected. The good news is that the “vast majority” (73.2%) of apps do not connect with any tracking website; but “a small number of apps do indeed communicate with them”… see more

source: Guardian UK