The team is now developing a tool that allows users to evaluate the riskiness of individual apps before downloading them. The researchers conducted a large-scale analysis of URLs embedded in 13,500 free android apps downloaded from Google Play.

The apps tested were created by reputable developers and downloaded by many people, among them popular social media, shopping, news and entertainment apps. Although apps connect to a complicated network of websites, both to function and generate advertising revenues, Michalis Faloutsos, a computer science professor in UCR's Bourns College of Engineering, said most users do not know their private information could compromised.

By developing and using a tool called AURA (Android URL Risk Assessor), the team identified more than 250,000 URLs accessed by the 13,500 apps, which they cross-referenced for trustworthiness using VirusTotal, a database of malicious URLs, and Web of Trust (WOT), a popular website rating system.

Almost nine percent of the popular apps interacted with malicious URLs (implicated in distribution of malware).Around 15 percent talked to bad websites (with intentions that vary from harming devices, stealing confidential data or annoying users with spam), while 73 percent talked to low-reputation websites, the researchers found. Also, 74 percent talked to websites containing material that is not suitable for children.

The team will present their paper at the IEEE GLOBECOM conference in San Diego tomorrow.