March 15, 2017

The secret life of apps

Security Special Project

Modern smartphones have way more memory than desktop computers had a decade ago. Out of space? Why bother deleting anything when you can just replace your old 64GB memory card with new shiny 128GB card? It doesn’t exactly cost a fortune.

The secret life of apps

For the most part, inexpensive storage is a good thing, but there’s a downside: With so much space, we don’t care anymore how many files and programs we store in our devices’ memory. According to our research, on average, modern Android users have 66 apps installed on their smartphones or tablets. Moreover, we typically install about a dozen new apps every month but delete only ten, effectively increasing the overall count by two every month.

The real problem is that you can’t control what all of those apps are doing. According to Kaspersky Security Network data, 96 out of 100 Android apps start working without users launching them. And 83 out of 100 apps have access to sensitive user data such as contacts, messages, calls history, files in storage, and so on.

We set up an experiment to check how the world’s top apps behave. We downloaded 66 apps most popular among Android users and installed them on several clean devices. What did we find? Of the 66 apps, 54 were running and consuming 22MB of data allowance per day — without the user even interacting with them.

Android operating system actually provides the ability to fine-tune data that apps can access. It’s called the app permissions system. However, people mostly ignore this powerful tool: only 40% of users always adjust permissions settings for every app.

Another issue with keeping a lot of unnecessary apps is vulnerabilities. In general, people are not good about updating the programs installed on their devices: Only 65% of users update apps on their smartphones as soon as the newer versions are released, and 24% do so only when they are forced to. The more apps you have, the less likely you are to update all of them right away — despite all Google’s efforts, updating still takes time and requires some clicking through.

And it’s not only users who are guilty of carelessness; developers are as well. Our research shows that 88 of world’s top 300 Android apps are never updated, leaving users at risk of exploitation by cybercriminals.

All in all, you need to tend to your herd of apps. Regarding that, we have some advice:

  • Don’t install tons of apps just for the sake of it. Before downloading a new app from Google Play, think for a moment — do you really need this app?
  • Delete apps that you no longer use. Get into the habit of cleaning up your installed apps list, say, on a monthly basis. OK, let’s be realistic: Do it at least every couple of months.
  • Keep the apps updated, and install updates as soon as they are available. Newer versions often include security fixes. Google Play has a nice autoupdate feature for all apps that are downloaded from it. It’s a handy feature, and we recommend using it.
  • Adjust app permissions settings. It’s important to keep an eye on which apps have access to which sensitive data. Here we have a thorough guide on Android permissions.
  • I doesn’t hurt to have a security app — antivirus for Android — that helps you check if any of those dozens of apps you install are malicious.