New ‘NSA’ App Designed to Expose Android Apps’ Secret Web Visits

French researchers have built a new Android app designed to monitor the network activity of other applications on their device, in order to minimize resource usage and the risk of infection.

A team at Eurecom explained the research that led to the development of NSA (NoSuchApp) in a new paper.

It works as a local proxy, emulating a man-in-the-middle for SSL traffic, which it can then monitor and check against known ad-related, tracking and suspicious domains, they said.

The team tested just over 2000 Android apps from the top 25 categories in Google Play and monitored their activity.

They were shocked to find that 1710 of these apps (with traffic activity) connected to a staggering 250,000 URLs across 1985 top level domains, while around 10% connected to more than 500 URLs.

The paper explained:

“Our results reveal several interesting insights: (i) that a significant number of applications, some highly rated, download an excessive number of advertisements which indicate that users may not be as sensitive to advertisements as anecdotally conjectured; (ii) a large number of applications communicate with a multiplicity of online tracking entities, a fact to which users may not be aware; and (iii) we find some applications communicating with websites that have been deemed malicious by malware detection engines. Our results underscore the need for greater transparency in the network interaction of mobile applications on the Android App store(s).”

Many of the URLs accessed are needed for the app to work. In fact, nine out of 10 free ad-driven apps connect to Google ad sites, the report claimed.

However, Eurecom’s beef was that it found “several instances of overly aggressive communication with tracking websites, of excessive communication with ad related sites, and of communication with sites previously associated with malware activity.”

The problem with excessive connections to ad and tracking sites is that “this level of ‘chattiness’ significantly impacts resource usage on the mobile device,” the paper claimed.

Eurecom is hoping to make NSA publicly downloadable on Google Play with the aim of providing greater visibility into network behavior of Android apps.

“Looking much further, we can envision a crowdsourced app reputation system driven by NSA where individual users can inspect the traffic being generated by applications tag is as being normal, or else unexpected, or suspicious,” the researchers added.

What’s Hot on Infosecurity Magazine?