Mobile applications often lead a double life. They perform functions that their users see. However, it is quite common for Android applications to perform some functions and send and receive data without the knowledge of the user. Overt communication contributes to the application functionality and is anticipated by the user, while covert communication is hidden and unexpected from the user’s point of view. Generally, this covert communication does not deliver any tangible value to the user and the user cannot opt-out from sharing data without uninstalling the application.
Rubin et al. set out to identify application functionality that is hidden from the user. Their study focuses on understanding the extent of covert communication in applications downloaded from popular application stores. The authors developed a static analysis technique that automatically identifies covert communication connections. Once identified, those connections were disabled and the researchers performed a usability assessment to identify any change in application functionality. The technique correctly identified all but two covert connections, with an average precision of 93.2%, suggesting that the static analysis method proposed in the paper is useful for detecting covert connections. The technique is highly scalable and provides actionable output that can be used to disable covert communication in the majority of cases. Furthermore, disabling these connections had little noticeable effect on application functionality.
The results of this study reveal that nearly half of all connections made by the 500 most popular Android applications on Google Play are covert. When the covert connection statements were disabled, 63% of applications ran with no effect on user-observable functionality. While the remaining applications did show some effects on functionality, disabling connections deemed covert left the delivered application experience either completely intact or with only insignificant interference.
This study provides evidence of the prevalence of covert communication in the 500 most popular free Android applications on Google Play. Covert communication imposes unanticipated costs on the user, such as potential privacy breaches, bandwidth charges, power consumption on the device, and the unexpected presence of continued communication between the device and remote organizations. Covert communication can impair the transparency of device operation, silently consume device resources, and ultimately undermine user trust in mobile applications. These findings show that covert communication can be identified and removed.
Covert communication is common in the most popular free Android applications, and it costs users privacy, bandwidth and power.