How to expose sniffing apps

Daniel Behrens, Dennis Steimels and Sandra Ohse

Many apps request more permissions than they need to function. We show how to expose sniffer apps.


A variety of apps are usually installed on your Android device: from social network applications such as Facebook and messengers such as Hangouts or WhatsApp, through information apps for weather forecasts, news and timetables, to games and utilities such as a flashlight. On Android in particular, the barrier to installing many applications is low because most of them are available free of charge. Instead, they are often garnished with advertising, sometimes more and sometimes less subtly. However, some apps don't just do what they should and what the user expects them to do. They also communicate over the Internet with the manufacturer's servers, with those of usage analysis services and, in the case of ad-financed apps, with the servers of advertising marketers.

Which app rights are necessary?

To function properly, applications always need a number of permissions. For example, a flashlight application requires access to the camera, because it uses the LED flash to light your way, and a navigation app must of course have access to the GPS function of your device. Unfortunately, many applications request significantly more rights than they actually need. But what exactly does that mean for you and your private data?

Apps monitor when and how you use them: The transmission of statistical data to the manufacturer is relatively harmless, for example information on how often a certain user (not known by name) started the app and what actions they carried out. The argument made here is that the manufacturer needs this information in order to adapt the further development of the app to the needs of the user.

Analysis services create user profiles of app users: However, some app providers use external services to collect and evaluate your user data. This data is used not only by the application makers, but often also by the analysis services themselves. And for the advertising industry, the information about which user has which interests is worth its weight in gold. In this way, advertisements can be placed in a targeted manner and every potential customer receives the right content.

Get an overview of the app rights.

User profiles are based on the device identifier(s): To create device-specific profiles, many apps read the identification numbers of unchangeable hardware components, for example the "MAC address" of the WLAN chip or the identifier of the cellular module (IMEI), or the "Android ID" or "advertising ID" generated by Android. There are also apps that read the address book, SMS or other personal data from the smartphone and send it. Recognition value: Advertising networks and analysis services recognize devices, for example by the Android ID, as it is device-specific and is only regenerated when the smartphone is reset to the factory settings.

Some apps transmit passwords unencrypted: Apps that log in to a specific service with access data pose an even greater risk. If these apps transmit user data unencrypted, it could be recorded by eavesdroppers whenever the smartphone is logged into a public hotspot, for example in a restaurant, café or hotel. Since many users use the same user data for several Internet services, this leaves the door wide open to criminals.

Manage app permissions

To keep your data private, you should check the permission settings of your apps and adjust them if necessary. Uninstall extremely nosy applications as soon as possible.

Check app rights: First of all, you should get an idea of the current situation: Which apps are installed and which rights do they require? You can get an overview of this under "Settings -> Apps -> [Name of the app] -> Permissions". To check an app's permissions before installing it, tap "Install" on the app to be downloaded in the Google Play Store. The access rights are then displayed, which you confirm by tapping on "Accept / Download". If it is not clear at that point why, for example, a game app wants to access your personal information, it is best not to download this application in the first place.

You can use the "SRT Appguard" app to assess how safe an application is.

Restrict access rights: As of Android 6.0, you can deactivate individual permissions that an application requires within the app info. With "SRT Appguard" you can also manage the permissions on other Android devices. Since the application is currently no longer available in the Google Play Store, download the APK file from and install it on your smartphone. With "SRT Appguard" you can monitor selected apps for their behavior and any access to security-relevant resources. The application gives you a reliable risk assessment for all installed apps: the messenger app "WhatsApp", for example, did not do particularly well at the time of the test with a risk score of 8.8. If an app accesses your data and you do not want to give it permission to do so, you can withdraw the corresponding rights from this application using "SRT Appguard".

Warning: As soon as you enable monitoring for an app, it will be deleted along with its data, which means, for example, that game saves will also be lost with it. Then you just have to confirm the reinstallation. You can monitor a maximum of four apps with your test account; for other applications, you can switch to the pro version, which costs 3.99 euros. You can check already installed apps via the item "Monitor new app" in the "SRT Appguard" menu. After selecting the application to be monitored, the security app guides you through the necessary steps. Under the menu item "Manage monitored apps" you can change the permissions of an application. If you want to restore the original version of an app, select the option "Restore original app" under the same item.

Record the data traffic from other apps with the "tPacketCapture" application.

Testing: which app sends what?

It is not easy to find out for yourself which app sends which personal data over the Internet. One starting point is to record the entire data traffic ("sniff"), if possible separated by app, and to evaluate it. Recording is not a major problem on rooted Android devices with suitable apps such as "Shark for Root" and "Sniffdroid". The only sniffing app known to us that works without rooting is "tPacketCapture". It uses a trick to get to the network data without deep system access: a simulated VPN connection. Android's VPN function is actually intended for establishing an encrypted connection to a (different) internal network via the Internet and a VPN server. Depending on the configuration, all or only certain network data is sent to the VPN server while a VPN connection exists. "tPacketCapture" simulates a local VPN server, establishes a connection to it and can thus log all data.
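As an added example (not part of the original article or of any app named in it), the following Python code evaluates such a recording: it scans the unencrypted TCP payloads of a capture for your own device identifiers and lists the servers they were sent to. It assumes the recording is a classic pcap file with Ethernet or raw-IP framing; the function names, the sample identifier and the addresses are constructed, and the MD5/SHA-1 variants are an assumption about how an identifier might be encoded.

```python
import hashlib, socket, struct

def build_needles(identifiers):
    """Byte patterns per identifier: plain text plus MD5/SHA-1 hex (assumed encodings)."""
    needles = {}
    for label, value in identifiers.items():
        raw = value.encode()
        needles[raw.lower()] = label
        needles[hashlib.md5(raw).hexdigest().encode()] = label + " (MD5)"
        needles[hashlib.sha1(raw).hexdigest().encode()] = label + " (SHA-1)"
    return needles

def iter_tcp_payloads(pcap):
    """Yield (dst_ip, dst_port, payload) for every IPv4/TCP packet in a classic pcap."""
    if pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if pcap[:1] == b"\xd4" else ">"      # byte order of the capture file
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    off = 24                                        # first record follows the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if linktype == 1:                           # Ethernet: strip the 14-byte frame header
            pkt = pkt[14:] if pkt[12:14] == b"\x08\x00" else b""
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue                                # keep only IPv4 packets carrying TCP
        tcp = pkt[(pkt[0] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        yield socket.inet_ntoa(pkt[16:20]), struct.unpack(">H", tcp[2:4])[0], tcp[(tcp[12] >> 4) * 4:]

def find_leaks(pcap, identifiers):
    """Return sorted (dst_ip, dst_port, label) for identifiers seen in cleartext payloads."""
    needles, hits = build_needles(identifiers), set()
    for ip, port, payload in iter_tcp_payloads(pcap):
        hay = payload.lower()                       # case-insensitive match (hex may be upper case)
        hits.update((ip, port, label) for n, label in needles.items() if n in hay)
    return sorted(hits)

def sample_pcap(payload, dst="203.0.113.7", dport=80):
    """Constructed one-packet raw-IP capture (linktype 101); not real traffic."""
    tcp = struct.pack(">HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.8.0.1"), socket.inet_aton(dst))
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return head + struct.pack("<IIII", 0, 0, len(ip + tcp), len(ip + tcp)) + ip + tcp

# Constructed demo: an HTTP request carrying a made-up Android ID in its query string.
DEMO = find_leaks(sample_pcap(b"GET /t?aid=0123456789ABCDEF HTTP/1.1\r\n\r\n"), {"Android ID": "0123456789abcdef"})
```

Only traffic that leaves the device unencrypted can be matched this way; identifiers sent inside TLS connections do not appear in the payload bytes.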

You can find your Android device under the IP address that begins with the number combination 10.8.

Step 1: Start the recording