• United States



john_mello jr

Privacy taking a backseat? Adware on Android on the rise

Mar 27, 20133 mins
AndroidData and Information SecurityGoogle

Adware targeted at devices running Google’s Android operating system has increased 61 percent globally, security software maker Bitdefender says.

Adware used to gather everything from address book contacts to text in SMS messages grew worldwide by 61 percent during a five month period ending this past January, Bitdefender’s research found.

“With adware gleaning more user data from people’s devices than they would normally need to and developers bundling more than one adware framework into their apps, user privacy is increasingly taking a backseat to profit for developers and advertisers,” said the Bitdefender report obtained by “TechHive Wednesday.

“More and more unknown third parties now have access to user browsing history, phone numbers, email address and everything they need to compile comprehensive and personalized user profiles,” it added.

Adware growth rates vary by region, the report notes. The growth rate in the United States, for example, was 35 percent.

It’s not just adware that’s on the rise, according to Bitdefender; malware aimed at Android users also increased during the five month period by 27 percent.

As might be expected, adware pushers were very active during the holiday season. More than half the increase for the entire five month period came in November, during the run up to Black Friday and Cyber Monday holiday shopping period.

“While adware is not inherently malicious, it can collect phone numbers, contacts, and email addresses that are broadcasted to third-party services or sold to the highest bidder,” the study notes. “The underground market greatly values such data as it can be used by marketers to profile users.”

Personal information isn’t the only kind of data vulnerable to adware peekers, Bitdefender says. With a growing number of personal devices doubling as work machines, company information could also be gleaned from a phone by adware.

Adware is often added by developers to an app so they can offer it for free while still earning some money from it, explained Liviu Arsene, a mobile threat researcher at Bitdefender who wrote the study.

“What users don’t know and many developers don’t care about is how adware frameworks work,” he told TechHive.

An adware “framework” is a package of code a developer can plug into his app to perform tasks for an advertiser. Those tasks could be placing ads on the app’s screen or spamming a user with nagging popups.

“They also collect tons of data that they don’t need,” Arsene said. “It doesn’t matter if the app needs the data or not. It just collects it.”

One reason many Android developers resort to adware is because paid apps aren’t very popular with Android users, according to Dirk Sigurdson, director of engineering for Mobilisafe at Rapid7 in Boston.

“The likelihood of customers paying for an application is very low in the Android market, especially compared to the iOS market,” Sigurdson said.

Android’s method for granting permissions to apps to collect data from a phone also contributes to aggressive harvesting of information by adware, he added.

Android shows you a list of permissions that an app wants, but it’s an all-or-nothing proposition, forcing a user to read a laundry list of permissions.

“Most of the time a user will download the application, ignore the list of permissions and just click OK,” Sigurdson said.

Security firms have been warning Android users for some time about the dangers posed to privacy by adware and malware. Some of those warnings have been dismissed by critics who say the firms are out to sell software by hyping the dangers involved.