A recent study from Purdue University and Intel found that apps are a primary source of power drain, with up to 30 percent of battery power lost even when the screen is off. This is due to the propensity for apps to regularly ‘wake up’ and then run in the background.
Not only is such behavior a huge drain on battery power, it also represents a significant security and privacy risk.
A team of researchers at the University of California, Riverside, are working on a tool that will hopefully assess the risk posed by certain apps before we install them.
The tool, which was documented in a recent paper, analyzes the behind the scenes behavior of the best apps (in security terms) from over 13,500 Android based apps.
The security of apps
The analysis highlights the wide range of connections most apps have, whether to ad networks or 3rd party websites that support the functionality of the app. Most of these connections are hidden from the user.
“We focused on a relatively neglected aspect of security research, which is the potential for good apps to leak personal information through the sites they interact with. A lot of people believe that if an app is popular or available on one of the big app stores then it must be safe, and we suspected that wasn’t the case,” the authors say.
The tool the team developed was called AURA (Android URL Risk Assessor), and was used to spot some 250,000 URLs that were accessed by the 13,500 apps studied.
This database of URLs was then cross-referenced with a database of trustworthy addresses by the VirusTotal website.
Do you know what your apps are doing?
Worryingly, some 9% of apps were found to engage with malicious URLs that were connected with malware. A further 15% were linked to URLs associated with malicious intentions such as spam or data theft and a whopping 73% linked to sites that scored lowly on reputation.
“I think the fact that 9 percent of the good apps we analyzed interacted with at least one website that distributes malware is very worrisome,” the authors say.
The initial scope of the project was purely to raise awareness of such issues, but the team hope to make the tool available for both app developers and end users so they can better assess the security of the apps they use and create.
“We are currently improving the AURA system to make it more robust and user-friendly, and then we will release it to the public as open source software,” they say.
Until that time, the authors suggest the best course of action is to limit the number of apps we download, and to diligently research the apps we install before we download them.
“Reading the comments left by other app users is a good security practice that can help users make more informed decisions about what they put on their smartphones,” they suggest.