Rubin said there could be a good reason for covert communication, but a majority of it can be attributed to analytics. It could be a way for the application to understand user patterns or the health of the application, none of which affects the user’s ability to use it.
Rubin said it is hard to figure out the underlying purpose of covert communication, and since it doesn’t affect the user’s behavior, they don’t have enough data to determine how much covert communication releases private information. In some cases, they saw private information had been handled covertly, but they did not explore all 500 applications.
The researchers are looking to develop the study and do more research in the near future.
People who have heard about their research seem to interpret the use of covert communication as not being necessary for the functionality of the application, according to Michael Gordon, former CSAIL researcher.
He agreed that some of the communication might not be necessary, and it might affect the phone by using battery or bandwidth. This is something they would have to research further to find out.
Rubin said that if the application is constantly sending out information, it could be a concern. She said they found some applications that constantly sent out information, even if they weren’t opened.
“The nature and the frequency of all this communication is something to think about,” she said.