Privacy concerns behind the Top 50 Apps in India
We have been working on a smart firewall for Android devices that gives the user comprehensive control to visualize, monitor and block all tracking and non-essential internet activity from system apps, user apps and browsers.
A smartphone is a powerful device and, based on App permissions, it allows trackers to collect device information, user data (contact book, photos, videos, calendar, files, etc.), phone call logs, SMS/text messages and logs, GPS location, etc., and to access the mic and camera.
In our device test lab, we have several popular Android smartphones hooked up to the popular Wireshark network analyzer. This allows us to detect and analyze ALL internet activity sent or received by the entire smartphone. This summer, our brilliant interns from Columbia University and Penn State University were helping analyze and baseline smartphones from various manufacturers. One of the observations that surprised us was the sheer level of internet activity even in idle or sleep mode. The amount of SSL (encrypted) packets being sent/received was almost 20–25% of the total transmissions. This meant that apps on these smartphones were opening network ports, creating encrypted secure connections with servers at home and communicating for extended durations. We plan to publish these results in another post soon.
So the next step was to understand the background network behavior of apps on the Android smartphone. For this we installed the top 50 Android apps used in India according to the analytics firm App Annie and the Google Play Store. We were specifically analyzing the internet connections made by each App and the location of these IP addresses. Here are some of our findings:

- The top 50 Apps were created by companies in 10 different countries.
- These 50 Apps together were communicating with over 1278 unique domains/IP addresses in over 10 countries.
- The number of unique IP addresses that an App connected with in the background varied quite a bit and ranged from 2 to 76. (Note: this number can vary for the same app from time to time.)
- Over 99% of the network connections on average were communicating with IP addresses or servers outside India.
- Even Apps produced by Indian companies had over 95% of their connections with IP addresses or servers outside India.
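
The per-app tally behind these findings (unique destination addresses and the share located outside the home country), as an added example that is not the authors' tooling. The flow records, app labels and prefix-to-country table are constructed; a real run would take destinations from the capture and look them up in a GeoIP database. Addresses the table cannot place are counted separately rather than guessed.

```python
import ipaddress
from collections import defaultdict

HOME = "IN"  # country the test devices are in

# Constructed prefix-to-country table built on documentation ranges;
# a real run would query a GeoIP database instead.
GEO = [(ipaddress.ip_network(n), c) for n, c in [
    ("192.0.2.0/24", "US"), ("198.51.100.0/24", "SG"), ("203.0.113.0/24", "IN")]]
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (app label, destination IP), as if exported from
# a capture taken with one app installed at a time. Repeats are deliberate.
FLOWS = [
    ("app_a", "192.0.2.10"), ("app_a", "192.0.2.10"), ("app_a", "192.0.2.44"),
    ("app_a", "198.51.100.7"), ("app_a", "203.0.113.5"),
    ("app_b", "198.51.100.7"), ("app_b", "192.0.2.99"),
    ("app_b", "10.0.0.1"),      # LAN address: skipped
    ("app_b", "198.18.0.5"),    # no table entry: reported as unknown
]

def country_of(addr):
    """Return a country code, or None when the table has no entry."""
    for net, country in GEO:
        if addr in net:
            return country
    return None

def summarize(flows, home=HOME):
    """Per app: unique public destinations, how many sit outside `home`,
    how many could not be located, and the outside share of located ones."""
    seen = defaultdict(set)
    for app, ip in flows:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in LOCAL):  # ignore LAN traffic
            seen[app].add(addr)
    report = {}
    for app, addrs in seen.items():
        countries = [country_of(a) for a in addrs]
        located = [c for c in countries if c is not None]
        outside = sum(c != home for c in located)
        pct = round(100 * outside / len(located), 1) if located else None
        report[app] = {"unique": len(addrs), "outside": outside,
                       "unknown": len(countries) - len(located),
                       "pct_outside": pct}
    return report

if __name__ == "__main__":
    for app, row in summarize(FLOWS).items():
        print(app, row)
```
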
So who are these Apps communicating with?
Our investigation showed that these domains and IP addresses belonged to several companies. In addition to connecting with IP addresses belonging to the App producer, the Apps were mostly connecting with entities such as Ad networks, Social Media networks, Data brokers, App/Site Analytics, Audio/Video content providers, CDN, etc.
There were several IP addresses or domains whose purpose or owner we could not identify.
The bottom line
The implications of all this background activity are:
- Apps are selling user access to a lot of companies who can then download their trackers or content on user devices.
- These Apps and their partners are collecting a lot of data in the background and communicating back, even when the Apps are not being actively used or when the smartphone is in idle/sleep mode.
- All this background activity is using the user’s data, draining the battery and increasing CPU utilization. So the user is paying for being tracked!
But the big bottom line is that this is a serious privacy and cyber security concern! How easy it has become for organizations or entities inside and especially outside the country to download their trackers or content on user devices and to silently monitor them and collect massive amounts of private data 24 x 7 x 365.

