WiFi mouse app contacting Chinese servers in background

In my efforts to track down a wake lock that was eating battery, I installed Network Log. I found s something a bit disturbing. WiFi Mouse by necta.us, an app in Google's app store to let your touchscreen act as a mouse, Would
A) not exit after pressing back and hitting "yes" to exit but rather,
B) continue secretly running, making occasional contact with various servers in China. Overnight it contacted 15 different IP address, all of them Whois showing as a variety of Chinese companies with different names and address blocks. Sometimes it would use port 80, usually 224, 226, 226, 227, 228, or 230. This would happen at least every 15 minutes and some of the transfsers were up to 9.7k in length. After exiting, none of the traffic was to my wifi mouse server application.
Some of the IP blocks included:
119.161.221.218:226
110.173.1.68:228
42.51.12.84:HTTP

I understand there are legitimate reasons for an app to do this. Perhaps checking a license. But this is downright scary and excessive, especially since it continues after one "exits" the program.
My next step will be to install shark and take a look at the packets' contents.

In the meantime I wonder if anyone could help shed light on this.

Edit: installed es task manager to kill it, but it's not running. Somehow it's being signaled or on a timer. Next stop is systemcleanup to take a look at its activities and permissions in detail.
Edit 2: had to force stop it, it was running but not showing up in task manager. It's permissions include reading and modifying usb storage and of course full network access.

Show Accepted Answer

Guest Quick Reply (No URL, BBcode or HTML)

Last post by gladyce60
3 hours ago
Last post by amueller
1 hour ago
Last post by ubode
3 hours ago
Last post by west.alexander
53 minutes ago
Last post by robel.kaleb
1 hour ago
tcl_record
Started by lboehm
Last post by misty25
2 hours ago
Last post by rjacobi
4 hours ago
Last post by qoconner
2 hours ago