Secret Doors in Your Mobile Apps: an OSU Study

The study found that many mobile apps might have hidden, programmed behaviors that the average user would be totally unaware of. Usually apps work on the premise of interacting with users via the data they input. This input can vary from word data, swipes or button presses.

In this particular study 150,000 apps were examined. Of those 100,000 were chosen based on their popularity in the Google Play store, another 20K were chosen for their popularity in an alternative market, along with 30K pre-installed apps that appear on Android systems.

8.5% of those apps, 12, 706 apps, contained some kind of programming labeled by the research team as “backdoor secrets.” These are hidden commands in the app which trigger background behaviors unknown to the user.

Other apps had programmed master passwords that would allow anyone with the master password to potentially private data. Other apps had secret keys that could trigger hidden options like bypassing a pay-to-play screen.

Another 4.028 apps (about 2.7%) were found to block content when it contained specified key words that were meant to be censored, or if it was cyber bullying or discrimination.