Sleazy Ads on Android Devices Push Bogus 'Battery Upgrade' Warnings

Sketchy ads promote battery-saver apps for Android, but security experts say the programs are really designed to steal your data

Scareware has gone mobile: Users of Android devices are starting to see sleazy ads warning that they need to upgrade their device's battery. The supposed battery-saver apps that those ads prod you to download, however, could endanger your privacy or siphon money from your wallet--and generally they'll do nothing to improve your gadget's battery life, security experts say.

In some cases you don't even need to agree to download the apps. For example, PCWorld spotted one ad on an Android phone for a battery utility called Battery Upgrade. Tapping the ad--even by accident--launches the phone's Web browser, which automatically initiates the download of the app's installer file on the Android device.

"These ads cross a line," says Andrew Brandt, director of threat research for Solera Networks. It's one thing to market a worthless battery app, he says, but another to scare or trick people into installing a program they don't need.

The ads are similar to scareware marketing tactics that have appeared on PCs: Such ads pop up on desktops or laptops, warning that your computer is infected and advising you to download a program to fix the problem. In many cases those rogue system utilities and antivirus products are merely disguises for software that spies on users.

Why use battery ads as a ploy? They tap into a common anxiety, Brandt says. Phone users aren't yet concerned about viruses on their phones, but they are worried about their battery being sucked dry.

Privacy-Busting Battery App

Brandt says that one Android battery app, called both Battery Doctor and Battery Upgrade, is particularly problematic: Not only does it fail to upgrade the battery or extend a charge, but once it's installed and unlocked, it harvests the phone's address book, the phone number, the user's name and email address, and the phone's unique identifying IMEI number. With a phone user's name, IMEI, and wireless account information, an attacker could clone the phone and intercept calls and SMS messages, or siphon money from a user by initiating premium calls and SMS services. Once the battery app is installed, it pushes ads into the phone's drop-down status bar at all times, whether the app is running or not. Lastly, it periodically transmits changes to the user's private information and phone-hardware details to its servers.

Worse, the ad links to step-by-step instructions on how to lower your phone's security settings to install the battery utility, Brandt says. "There is no question in my mind that this technique could be used for something far more sinister than a worthless battery app."

What do the makers of Battery Doctor/Battery Upgrade have to say about their apps? We couldn't find them. No contact information for the publishers appears within the app itself. The domain that hosts the ad and download was registered through a service that shields the owners' contact information.

Big Brands and Popular Games Enable Sleazy Ads

PCWorld stumbled across the Battery Doctor ad on Hasbro's free, ad-sponsored version of Scrabble. EA Mobile, which developed and maintains the Scrabble app through a licensing arrangement with Hasbro, pulled the ad after PCWorld brought it to the company's attention.

"After becoming aware of the issue, we immediately resolved it by pulling the ad," says Ben Webley, head of global in-game advertising and sponsorships for EA. "Our user experience remains of the utmost importance to EA, and every ad network we work with signs up to a strict publisher-standards agreement."

But PCWorld also found other top free Android OS games delivering similar misleading battery warnings via ads. Earlier this year the hit game Angry Birds was displaying bogus battery ads that linked to malicious apps, according to Lookout Mobile Security.

In one of the Android Market's top 35 free games, an app called Guns, users can simulate target practice by pressing a big red button that serves as the trigger. Small ads run along the bottom of the game window, nearly touching the trigger button. One of the ads we saw read 'Super charge your battery and Android'. If your trigger finger should touch the ad, up pops an image of a stop sign (see image below) with the words 'Battery Upgrade Application' followed by 'Your battery needs an update.' Tapping that ad launches the Google Market app, where you are prompted to download a free app called Android Speed Booster. The following day, the same ad directed us to another Android Market app called Droid Gear Up.

We tried to contact the developer of Android Speed Booster using the email address in the Android Market listing for the program. We received a "delivery failed" message.

Earlier this year some unsuspecting Android users heeded battery-conservation ads and downloaded an Android Trojan horse program called Battery Saver (security experts know the malware by the name GGTracker).

Kevin Mahaffey, Lookout's cofounder, says that battery ads on the game Angry Birds pointed to an app in Google's Android Market that, when installed, tried to charge users $10 a month by surreptitiously sending out premium text messages via the customer's phone.

Malicious hackers like to target phones because they provide a direct payoff, Mahaffey says. "As opposed to your PC, a phone has a unique connection to a payment system (through your wireless carrier). When hackers have taken over a phone, that's the first thing they try to exploit," he says. With control of your phone, hackers can make premium 900-service calls or send premium text messages that put money directly in their pockets.

Android Is a Target

Security firm McAfee says that malware targets the Android OS disproportionately because it's the largest mobile platform in the world. In a 2011 report, McAfee says that malware targeting Android phones jumped 76 percent from the previous quarter (PDF).

Fortunately, the numbers of people who have been directly affected by mobile malware are still small: about 2 percent of U.S. Android users and 5 percent worldwide, according to Lookout's numbers.

Responsibility for this type of aggressive marketing--or scareware--may lie with unscrupulous advertisers crossing a line. According to Mason Tanner, a mobile ad broker with Green Fin Media, app developers can pay a commission of $1 to $3 per download of their app. The goal for dodgy advertisers, Tanner says, is to get you to install that app by any means possible.

"There is no grey area when it comes to pushing a download onto a device without a user's consent," he says. "It's wrong."

Joe Laszlo, a spokesperson for the Interactive Advertising Bureau, says mobile advertising is still relatively new, and many companies that broker ads are still trying to figure out how to screen out the bad actors. "There are no lesser standards for mobile ads," Laszlo notes. "Ads that are deceptive and fraudulent are no good, whether it's on a desktop Web browser or mobile device."

5 Safe-Phone Tips

Here are five precautions that you can take to keep mobile malware off your phone.

1. Be suspicious of messages that pop up on your phone and claim you need to update the device's software. When in doubt, call your wireless carrier and ask if you really need a patch or update.

2. Download mobile security protection. Lookout Mobile Security is a good free app; AVG Antivirus offers Anti-Virus Free and Norton has Norton Mobile Security. (See related: Protect Your Android Phone with Security Apps)

3. Pay close attention to the permissions that apps request. Google's Android Market breaks down exactly what each app wants to access on your phone. If a tic-tac-toe game wants to read your phone's contacts, for instance, be suspicious.

4. Read app reviews carefully, and consider the app's star rating and how many people have downloaded it. Be suspicious of third-party app stores that offer paid apps for free.

5. Watch for signs that your phone may be infected. If you see that your phone has sent text messages or email, or placed calls that you didn't initiate, your phone is probably compromised.
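Tip 3 above (and the data-harvesting and premium-SMS behaviour described earlier for Battery Doctor/Battery Upgrade and the Angry Birds ad app) comes down to one check: does the permission list in an app's manifest match what the app claims to do? The script below is an added example, not code from PCWorld or from any of the apps or vendors named in the article. It parses a constructed `AndroidManifest.xml` for a hypothetical "battery booster" app, lists the permissions it requests, and flags the ones that map to the abuses the article describes (contacts, account name/email, phone number and IMEI, premium SMS and calls). The manifest contents, the `SENSITIVE_PERMISSIONS` mapping and the `EXPECTED_FOR_CATEGORY` baseline are my assumptions for illustration; the permission names themselves are real Android permission strings.

```python
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (my choice, not from the article or from Android docs):
# permission -> the abuse it enables, as described for the apps in the article.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "address-book harvesting",
    "android.permission.GET_ACCOUNTS": "user name / email harvesting",
    "android.permission.READ_PHONE_STATE": "phone number and IMEI access",
    "android.permission.SEND_SMS": "premium-rate text messages",
    "android.permission.CALL_PHONE": "premium-rate calls",
    "android.permission.RECEIVE_SMS": "intercepting incoming SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED": "runs at boot (status-bar ads even when not launched)",
}

# Assumed baseline of permissions a simple game or utility has a plausible need for.
EXPECTED_FOR_CATEGORY = {
    "game": {"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE",
             "android.permission.VIBRATE", "android.permission.WAKE_LOCK"},
    "battery utility": {"android.permission.INTERNET", "android.permission.BATTERY_STATS",
                        "android.permission.ACCESS_NETWORK_STATE"},
}

# Constructed sample manifest for a hypothetical app; not extracted from any real APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.batteryboost">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Battery Upgrade"/>
</manifest>
"""

# Constructed manifest for a benign tic-tac-toe style game, for comparison.
BENIGN_GAME_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tictactoe">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Tic Tac Toe"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the list of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def flag_sensitive(manifest_xml):
    """Map each requested sensitive permission to the abuse it could enable."""
    return {p: SENSITIVE_PERMISSIONS[p]
            for p in requested_permissions(manifest_xml)
            if p in SENSITIVE_PERMISSIONS}


def unexpected_for_category(manifest_xml, category):
    """Permissions that fall outside the assumed baseline for the app's stated category."""
    baseline = EXPECTED_FOR_CATEGORY[category]
    return sorted(p for p in requested_permissions(manifest_xml) if p not in baseline)


def risk_report(manifest_xml, category):
    """Human-readable summary a user could apply before tapping 'Install'."""
    flagged = flag_sensitive(manifest_xml)
    lines = [f"{p}: {why}" for p, why in flagged.items()]
    extra = unexpected_for_category(manifest_xml, category)
    verdict = "SUSPICIOUS" if flagged else "no sensitive permissions requested"
    return verdict, lines, extra


if __name__ == "__main__":
    verdict, reasons, extra = risk_report(SAMPLE_MANIFEST, "battery utility")
    print(verdict)
    for line in reasons:
        print("  -", line)
    print("outside baseline for a battery utility:", extra)
```

Run as-is it reports the constructed "battery" manifest as suspicious on five counts, while the tic-tac-toe manifest passes. The same logic applies to a real app by substituting the manifest pulled from its APK (for example with `aapt dump permissions`, which prints the same `uses-permission` names); the categories and baselines are deliberately small so the mismatch rule stays readable.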

Copyright © 2011 IDG Communications, Inc.
