MIT researchers find covert communication connections have no effect on user experience

More than half the data transferred to and from 500 popular Android applications was found to have little or no impact on user experience, according to a recent MIT study.

“We looked at the communication of mobile applications and counted the number of statements in the application that establish these connections,” said Julia Rubin, a postdoctoral candidate in MIT’s Computer Science and Artificial Laboratory (CSAIL).

She said it’s no surprise that mobile applications release private or general information, but she and the researchers wanted to see what it is the user sees or experiences when an application sends out information, and to understand the behavior of these applications.

(Related: The EFF proposes a ‘Do-nor-track’ standard)

The researchers classified the communication of applications into two findings: covert communication, which does not affect the user experience; and overt communication, which does.

Covert communication is hidden from the user and releases information without the user’s knowledge or affecting his or her experience. Thus, if a user disables it, his or her experience will stay the same. But overt communication contributes to the application’s functionality, which is anticipated by the user.

Rubin explained covert communication with an example of a Wal-Mart app that allows a user to scan a barcode and get a price. When the user scans the barcode, there are two channels where the information is released. The first sends a query to the Wal-Mart server, and as a reply the server gives the price of the item. At the same time, the same data will go to a different server—perhaps to the manufacturer of the item—and the application behaves the same for the user.

“From a user point of view, nothing happened, but there was an extra release of information, which we looked at and we didn’t see any visible immediate damage,” said Rubin. “We found out applications establish many communication channels with different servers, and around half of these channels we didn’t see any effect on the user experience.”

Rubin said there could be a good reason for covert communication, but a majority of it can be attributed to analytics. It could be a way for the application to understand user patterns or the health of the application, none of which affects the user’s ability to use it.

Rubin said it is hard to figure out the underlying purpose of covert communication, and since it doesn’t affect the user’s behavior, they don’t have enough data to determine how much covert communication releases private information. In some cases, they saw private information had been handled covertly, but they did not explore all 500 applications.

The researchers are looking to develop the study and do more research in the near future.

People who have heard about their research seem to interpret the use of covert communication as not being necessary for the functionality of the application, according to Michael Gordon, former CSAIL researcher.

He agreed that some of the communication might not be necessary, and it might affect the phone by using battery or bandwidth. This is something they would have to research further to find out.

Rubin said that if the application is constantly sending out information, it could be a concern. She said they found some applications that constantly sent out information, even if they weren’t opened.

“The nature and the frequency of all this communication is something to think about,” she said.