RESEARCH & RESOURCES

Smartphone Apps Show Some Surprising Data Usage in Recent Experiment

Cybernews installed the 100 top free apps from the Google Play Store, started them once while allowing the requested permissions, and then left the phone connected to the internet for 24 hours unused.

Note: TDWI's editors carefully choose vendor-issued press releases about new or interesting research and services. We have edited and/or condensed this release to highlight key study results or service features but make no claims as to the accuracy of the vendor's statements.

According to data presented by the Cybernews team, your smartphone could be sending data to Russia and China while you sleep. During the three-day experiment, when the Cybernews team installed the 100 top free apps from the Play Store on a factory-reset Android phone, the phone contacted various servers 6,296 times -- every 37 seconds on average;2323 queries were sent during the last 24 hours when the phone was not used at all.

Requests Landed in High-Risk Countries: Russia and China 

The experiment showed that the phone connected to Russian IP addresses at least 39 times. Moreover, logs revealed that the phone reached out to sites related to Russian tech giant Yandex at various times even though there were no Yandex apps installed.

Similarly, 15 queries landed in China through apps such as Taobao, which was not installed on the phone. 

Three times, the phone even connected to Vietnam to “talk” to some servers. 

Big Tech Tracks the Most 

It’s no surprise that three companies -- Google, Facebook, and Microsoft -- accounted for almost 50% of the overall traffic. Google alone made 595 queries (25.6%) from the phone in 24 hours; Facebook and Microsoft each contributed 12%.

What was surprising, however, was TikTok surpassed two of the Big Tech trio with at least 717 queries, or 30.8% of the phone’s background connections. 

In one day, the phone visited dozens of countries on five continents, but mostly the U.S.

Apps Suck Up Data 

Despite not opening or using apps, many of them still use data, ranging from a few hundred kilobytes to a few megabytes a day. However, although this usage does not seem that high, the phone was empty, leaving nothing to snoop around for. 

The network monitoring tool revealed that in 24 hours, the phone used 553MB of data; most of that was used by Google Play store updates and other Google services. Only 20MB were uploaded from the phone. 

TikTok used 56MB (of which 3.6MB was uploads), 47MB were used by Temu (1.23MB was uploads), and 8.7MB were used (0.24MB uploads) by Health Kit, followed by many phone services. Many apps, such as AR Draw, Emoji Merge Kitchen, or Filter for Good, used between a 100KB to 1MB of data. Proxy Browser used 1.11MB, while Meta’s Messenger used 941KB of data. 

However, even small amounts of data are more than enough to collect and send sensitive information about the user, such as location, network information, personal identifiers, or text communication and contacts. High data usage could signal audio/video data transmission. 

During the whole experiment, TikTok managed to use 317MB of data while running in the background. Facebook used 73MB, Meta App Manager used 41MB, Temu sent 22.16MB, and “AR Drawing” used 8.26MB. The phone, with all the app downloads and updates, used 8GB of data in total. 

“Although the data collected by these services is generally not that sensitive, journalists, activists, opposition, or other people that could be of interest to governments should take this extremely seriously and be careful. They should avoid using such apps or, at the very least, block traffic tracking services,” Cybernews researchers noted.

Experiment Methodology 

The Cybernews team took a factory-reset Android phone (the budget Samsung a52s phone), downloaded the 100 top free apps from the Play Store, started them once, gave them the permissions they asked for, and then left the phone connected to the internet for 24 hours unused. 

To check which servers, when, and where the phone would connect, all the traffic was routed through a private DNS (domain name system) service. The Cybernews team went an extra step and created new empty accounts for Google and social media apps, including Facebook and TikTok, and authorized them where possible.

The experiment was conducted in the middle of Europe, from Vilnius, Lithuania. Interestingly, the X app was not included because it was listed at 125.

TDWI Membership

Get immediate access to training discounts, video library, research, and more.

Find the right level of Membership for you.