Downloading popular Android apps from non-official sources is a bad idea, but even legit apps can do potentially unwanted things in the background without drawing attention. Researchers from MIT dug through some of the most popular apps on Google Play and found that most of them access the network covertly.
The research team pored over the top 500 popular applications on Google Play, though some—mostly chat apps, since they require readily available and somewhat unpredictable human partners—were excluded from the survey. Overall, MIT found that 46% of all network connections those apps make could be considered covert.
It's important to note that MIT's definition of "covert" doesn't indicate any malicious intent by an app developer. In this case, "covert" only means that the result of a network connection wasn't immediately obvious to the user. Blocking those connections didn't result in missing content, error prompts, or crashes. Blocked connections that resulted in error log entries were still considered covert, because the researchers didn't think most users would look through those logs.
After checking out that wide swath of apps, the research team turned its focus to in-depth testing of 13 of the top 20 apps on Google Play. That list included Facebook (which did not make any covert connections), Twitter, Spotify, and Candy Crush Saga. 62.9% of the network connections established by these apps were covert by MIT's definition. Out of those covert connections, only 43% were related to known advertising and analytics libraries. That 43% accounts for around 27% of all the network connections made by the apps.
In the end, the researchers weren't able to nail down all the causes for apps connecting to the network covertly. Julia Rubin, a post-doctorate researcher who led the study, told MIT News that informed operation is key. "There might be a very good reason for this covert communication," Rubin said. "We are not trying to say that it has to be eliminated. We’re just saying the user needs to be informed."