Monitoring Android apps and threats

Last weekend, I hardly used my phone (I know, an IT professional who doesn’t use his phone on weekends!?). However, I noticed something peculiar; my battery kept draining as if I was using it.

This didn’t seem right. My curiosity led me to investigate because thats obviously what Batman would do, and when in doubt, channel your inner Batman. 

I looked at my app activity history though my settings. Nothing there seemed out of order. Next I looked at how much data each app was using for those few hours. Again, nothing stood out.

I only have 5 or 6 apps other than Google stock apps on my phone, so I looked through each, and nothing stood out.

This was getting interesting.

So I went into my “Bat-Cave” and fired up my trusted sidekick PC, “Zanpakutō“. P.S if you don’t know what a Zanpakuto is, watch Bleach, its fantastic! In my PC I have a program called “Glasswire” which allows me to keep track of every activity connecting to the network, whats downloading, where the connection is going and whether I should allow that app to connect to the internet or not (I am not a spokesperson for this company nor endorsing this app, It’s simply a tool that was handy at the time). What I was looking for here is the ability for Glasswire to monitor other devices connected to my network and see their internet activity. Luckily, Glasswire also has an Android app, so I downloaded that from the Play Store. Note that Glasswire is a firewall, packet analyzer and a network monitor. Think of wire-shark with a GUI (graphic user interface).

Glasswire results:

After about an 3 hours of monitoring my phone while it was idle, I saw a few network connections made by some of my Google stock applications as well as other applications, which were not active by the way. The first connection was made by Skype. Yes, Skype made several connections to Microsoft, without me initiating it. In fact, I only use Skype ONCE a month. So it was interesting to see Skype actively connecting to the internet a few times a day. Next, my Download Manager kept connecting to the internet too. Apparently even if you are not downloading anything, Google’s download manager will from time to time “phone home”. Next,Google Play Movies & TV app made several connections. Why?! I never watch movies from Google play. This one was even more fascinating, my Phone app was constantly connecting to the internet too! Why is my phone app connecting to the internet so often? My next app was even more scary because I specifically set this app NOT to do back ups or upload anything to the cloud. Apparently those settings are optional as my Photos app made several connections to Google. Not sure what they were exchanging. I specifically set Photos to keep all my photos local to my phone, no back up and certainly no sharing via the internet. Maybe it was a routine Google communication.

Conclusion:

Even though I have few apps and max security on all my apps and disabled all apps I don’t use, there is still some questionable network activity. I keep apps like Glasswire so that I know what my apps are doing within my systems, where they are connecting to and if those destinations are malicious or legit. With Android phones, this is very important because there is a lot of malware and viruses in the wild.

As always, browse safely.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + 1 =