Your Android phone is likely beaming data to China and Russia while you sleep, security expert reveals

Security experts conducted an experiment to determine how much data is sent from Android handsets and where that information is transferred overseas

GETTY IMAGES | GOOGLE PRESS OFFICE | GBN
Aaron Brown

By Aaron Brown


Published: 21/02/2024

- 12:47

Updated: 21/02/2024

- 13:46

Every 37 seconds, Android apps sent data to servers scattered across the globe

  • Experiment tried to evaluate the amount of data beamed from Android apps
  • Experts downloaded the 100 most popular free apps onto a brand-new phone
  • Within hours, hundreds of servers were being sent data from the device
  • Servers in Russia and China were pinged by the Android handset
  • In total, 20MB of data was quietly uploaded from the device

Your favourite Android apps could be beaming personal data to China and Russia behind your back, a prominent security expert has cautioned millions of smartphone owners.

Ernestas Naprys, who works as a senior journalist at specialist publication Cybernews, installed the 100 most popular free applications from the Google Play Store on a factory-fresh Android phone. Naprys granted any permissions requested by the apps during the install process and used new accounts each time. After that, the Android phone was left untouched for the next 24-hours.


What happened next was truly shocking.

Every 37 seconds on average, the test handset made a connection to a server. Over 2,300 queries were sent online in 24 hours, despite the Android phone not being used at all.

More worrying, the handset started to ping multiple servers in Russia and China, Cybernews’ Naprys reports. The phone connected to Russian IP addresses a minimum of 39 times.

The handset contacted servers owned and operated by Yandex multiple times, despite the fact that no apps from Yandex, the most popular search engine in Russia, were installed on the device. Several of the servers pinged are used for “advertising or advertising-related services such as data collection, behavioural analysis, or retargeting,” the NextDNS database reveals.

Cyber News 100 most popular apps tracking server data

Cybernews researchers tracked the location of every server that was pinged by the 100 most popular free apps on Android within a few hours of installation

CYBERNEWS

And it wasn’t only Russian servers that were contacted by the untouched Android handset.

It contacted 15 servers in China, although it’s worth noting that Alibaba and Aliexpress were included in the 100 apps installed on the device. Three servers in Vietnam were pinged too.

In total, 20MB of data was uploaded by the Android handset over the three days of the experiment. That might not sound like much, but small amounts of data are enough to send swathes of sensitive information about the user, including location data, network information, text and call data.

However, that file size suggests that audio and video data was not being transferred off the phone.

It’s worth noting that Cybernews’ Ernestas Naprysdidn’t load-up the Android phone with any files to snoop on, so the apps couldn’t trawl through a photo library, contacts, banking apps, call logs, or anything else that would usually be stored in memory.

Google, Facebook and Microsoft account for almost 50% of all traffic sent to servers by the handset. Unsurprisingly, Google made 595 queries (25.6%) from the Android smartphone within 24 hours, while Facebook and Microsoft each contributed 12% of all server requests.

Android is an open-source operating system built by Google. It arrives with a number of Google services preinstalled, including Google Maps, YouTube, Gmail, and more. The 100 applications were downloaded from the Play Store, which is a marketplace owned and operated by Google.

Researchers for Cybernews warned: “Network permission is granted to most apps by default. It is generally used to send usage data to such trackers or to allow an app that requires an internet connection to function. The internet permission is classified as ‘normal’ by Google.”

Normal permissions are automatically granted once an application is installed. Android apps are only required to request consent for permissions that Google classifies as “dangerous”.

“By default, there are no restrictions to what kind of servers the app could connect to once the permission is granted. This is most likely done to simplify the development of these apps and simplify the user experience,” researchers added.

The findings highlight the amount of data that leaves our devices, including phones and tablets, behind our backs. According to security researchers, many of the servers identified in this experiment are used to track which adverts you’ve already watched so advertisers don’t double up, monitor your app usage for internal statistics for developers, and track search patterns.

LATEST DEVELOPMENTS

The data sent to these servers is not “unusual or very suspicious,” Cybernews security researchers note. "While this is a common practice, it does raise serious privacy and security concerns"

It's possible that governments in high-risk countries could gain access to the data on these servers without your consent, the researchers caution.

GB News has contacted Google for comment on this article.

You may like