We aren’t surprised to know that the majority of our apps, no matter which platform they exist on, send a ton of data over the airwaves when we aren’t using them. We often treat such data as innocuous, trivial tidbits such as lengthy lines of code that we neither understand nor care for, and as a result we go on with our lives unperturbed at the thoughts that the some of the apps on our smartphones are continuously transmitting our location to forces unseen. Rather we only raise our eyebrows when we realise that this continuous transmission of data is the reason we have to turn on the power saving mode on our smartphones and carry battery packs around with us.
But how much of that data being transmitted is actually necessary? According to researchers based at MIT, only half. The necessary half of these covert communications is attributed to standard Android analytics packages, which reports statistics on usage patterns and program performance, necessary to help developers improve the applications.
What about the remaining 50%?
“The interesting part is that the other 50 percent cannot be attributed to analytics,” says Julia Rubin, a postdoc in MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), who led the new study. “There might be a very good reason for this covert communication. We are not trying to say that it has to be eliminated. We’re just saying the user needs to be informed.”
Researchers analyzed the number of communication channels opened by the 500 most popular mobile apps and found that roughly 50 percent of them appear to have no bearing on the user experience. That doesn’t necessarily translate directly to the quantity of data exchanged over those channels, but for short sessions of application use, the portion of transmitted data irrelevant to user experience is also as much as 50 percent. Across longer sessions, in which large files are transferred to the phone — by, say, music- or video-streaming services — the percentage of data transmitted covertly steadily diminishes. But covert communication channels remain open.
The researchers also analyzed data traffic from a few of the more popular apps, gleaning some insight about the possible purposes of their covert communications. A Wal-Mart app, for instance, allows users to scan the barcodes of products on the shelves of Wal-Mart stores and retrieve their prices. But every time it does that, it also sends information to a server that appears to be associated with eBay. Disabling that connection had no effect on the app’s behavior.
Interestingly, Candy Crush Saga, a game that got some bad press a few years ago for apparent privacy violations, was one of the very few apps that appeared to engage in no covert communication. “They’ve become a model citizen,” Rubin says.
Omer Tripp, the technical lead on mobile security and privacy at IBM’s T. J. Watson Research Center, speculates that some of the covert communication may be anticipatory, in an attempt to guard against interruptions in Internet connectivity. “You may imagine that the application may want to be more resilient and go on functioning without reporting a problem,” he says. “Which, when you think about it, is an interesting opportunity for optimization. Perhaps some users say, ‘If the app is willing to function without Internet connectivity, and I have a limited data plan, or I’m abroad and don’t want to use the Internet, I want to know that it still knows how to do that.’ The study sort of gives us the hope that in many cases this type of optimization could apply.”
Source: MIT News
