Almost nine percent of popular apps downloaded from Google Play interact with websites that could compromise users' security and privacy, according to a new University of California-Riverside study.
The team is now developing a tool that allows users to evaluate the riskiness of individual apps before downloading them.
The researchers conducted a large-scale analysis of URLs embedded in 13,500 free android apps downloaded from Google Play.
The apps tested were created by reputable developers and downloaded by many people, among them popular social media, shopping, news and entertainment apps.
Although apps connect to a complicated network of websites, both to function and generate advertising revenues, Michalis Faloutsos, a computer science professor in UCR's Bourns College of Engineering, said most users do not know their private information could compromised.
"A lot of people believe that if an app is popular or available on one of the big app stores then it must be safe, and we suspected that wasn't the case," Faloutsos said.
By developing and using a tool called AURA (Android URL Risk Assessor), the team identified more than 250,000 URLs accessed by the 13,500 apps, which they cross-referenced for trustworthiness using VirusTotal, a database of malicious URLs, and Web of Trust (WOT), a popular website rating system.
Almost nine percent of the popular apps interacted with malicious URLs (implicated in distribution of malware).
Around 15 percent talked to bad websites (with intentions that vary from harming devices, stealing confidential data or annoying users with spam), while 73 percent talked to low-reputation websites, the researchers found.
Also, 74 percent talked to websites containing material that is not suitable for children.
"I think the fact that nine percent of the good apps we analysed interacted with at least one website that distributes malware is very worrisome," said Faloutsos.
The team will present their paper at the IEEE GLOBECOM conference in San Diego on Tuesday.