In my efforts to track down a wake lock that was eating battery, I installed Network Log. I found s something a bit disturbing. WiFi Mouse by necta.us, an app in Google's app store to let your touchscreen act as a mouse, Would
A) not exit after pressing back and hitting "yes" to exit but rather,
B) continue secretly running, making occasional contact with various servers in China. Overnight it contacted 15 different IP address, all of them Whois showing as a variety of Chinese companies with different names and address blocks. Sometimes it would use port 80, usually 224, 226, 226, 227, 228, or 230. This would happen at least every 15 minutes and some of the transfsers were up to 9.7k in length. After exiting, none of the traffic was to my wifi mouse server application.
Some of the IP blocks included:
I understand there are legitimate reasons for an app to do this. Perhaps checking a license. But this is downright scary and excessive, especially since it continues after one "exits" the program.
My next step will be to install shark and take a look at the packets' contents.
In the meantime I wonder if anyone could help shed light on this.
Edit: installed es task manager to kill it, but it's not running. Somehow it's being signaled or on a timer. Next stop is systemcleanup to take a look at its activities and permissions in detail.
Edit 2: had to force stop it, it was running but not showing up in task manager. It's permissions include reading and modifying usb storage and of course full network access.