Aggressive Ad Networks Gaining Control Of Google Android, Study Finds


Aggressive advertising networks linked to mobile apps on Google Android devices are gaining unfettered access to sensitive user data, location information and browsing habits that many users would consider private.

The aggressive advertisers are connected to Android apps via ad libraries, safely coded into the underlying application by the software developer who created the app, according to a new study issued today by Symantec. The more than 65 advertising networks go relatively unchecked, gaining virtually no scrutiny from authorities or Google controls, and about half of them are considered aggressive, said Kevin Haley, director of Symantec Security Response. It would be difficult for Google to monitor them, Haley said.

"Typically, ad networks monitor themselves, but if the ad network itself is bad then they're not being monitored," Haley said. "Google reviews the apps once that app is out in the field, but the ad network data is not really going through any Google property."

[Related: Play It Safe: Google Pulls Android Apps Tied To Dangerous Ad Platform
]

Mobile apps connected to those aggressive ad libraries are steadily rising and make up a large percentage of mobile malware, Symantec found. The number of mobile apps that can be classified as adware reached over 23 percent in the first half of 2013. "On average, apps were trending towards using two ad libraries, regardless of how aggressive the ad libraries are," Symantec said in its report.

The Symantec study found that aggressive advertising is no longer restricted to freely available gaming apps. In fact, most people at risk of being duped by overly aggressive ad networks are device owners who use apps designed to personalize the device.

Live wallpapers and widgets are sometimes associated with aggressive ad networks and harvest device owner data. Also, apps designed to make the homescreen unique or more useful are increasingly collecting user data and go unchecked, Symantec said. Some apps are being developed that track user behavior and physical location to trigger useful information, commonly used apps and other features, such as automatically silencing the device when the user is in a library or meeting. While the features are useful, the data they collect is being harvested and can be sold to just about anyone, Haley said.

Symantec said the most aggressive adware leaks private data, such as phone numbers or user account information on device owners. The apps can collect and potentially leak location information and mobile network information.

"We're worried less about what the advertiser can do with the data, and more concerned about how a fraudster can manipulate the information for much more nefarious activities," Haley said.

NEXT: Adware Dangers Force Google To Take Action

The seriousness of the adware threat came to a head last week, when Google removed apps from its Play Store for being linked to an aggressive ad network containing serious vulnerabilities. Security firm FireEye found flaws in the ad library that could be used by cybercriminals to create a mobile botnet, snoop on user devices or steal account credentials. The ad network, which wasn’t named, pushed out an update fixing the flaws and some apps dropped support of the ad library, FireEye said.

A Google spokesperson contacted by CRN said the company removed the apps for violating the Play Store terms of service and declined to comment further. If an app has app ads, those ads are held to the same Play Store policies agreed upon by developers in Google’s Play Store Terms of Service and program policies. Automated and manual checks ensure that apps abide by policies.

The percentage of apps containing aggressive adware increases each year, Symantec said. In 2012, about 15 percent of apps seen in Google Play included adware. By the end of June, Symantec said it identified 23.8 percent of apps containing aggressive advertising tactics. Third-party app stores contain the bulk of the Android malware and the most aggressive advertising networks, Symantec said.

Developers that use aggressive advertising libraries are more apt to connect to multiple advertising networks, Symantec said. The use of two ad libraries increased from 32.2
percent in 2011 to 35.5 percent in 2012, and it grew further to 43 percent in 2013, the study found.

Some apps identified as adware simply annoy the user by showing ads in the notification bar or playing a voice ad when making a phone call. In addition, roughly a quarter of the apps identified as adware by Symantec collect the device phone number or prompt the user to install other apps. More than two-thirds of ad libraries collect device information, such as its IMEI number or phone producer and model.

PUBLISHED OCT. 29, 2013