Increasingly virulent adware threatens Android user privacy

New generations of adware targeting Android smartphones are increasingly violating user privacy by grabbing personal information and using it without permission, a new study shows.

Although most adware is designed to collect some user information, the line between legitimate data gathering and violating privacy is starting to blur, finds a report released Monday by Trend Micro.

The trend is said to be due to the increasingly aggressive behavior of advertising networks that offer mobile app developers a variety of ways to display ads.

Ads contained within an app are considered legitimate; as long as the app developer discloses the personal information used to display advertising that is most relevant to the recipient.

The process becomes a privacy issue when app developers take more information than they originally asked for and then sell it to ad networks.

"These aggressive apps can force your device to leak more information than what's necessary, which can become a privacy and security risk," said Tom Kellerman, vice president for cybersecurity for Trend Micro.

[See also: Web still king, but email stages scam comeback]

Trend Micro identified two ad networks, AIRPUSH and ADWLEADBOLT, that it said were indicative of the trend toward privacy abuse. The networks use the information collected from unsavory app developers to send ads outside the app in the form of notifications. Viewing the notification opens the phone's Web browser and sends the user to the advertiser's website.

Profit is behind the move toward unethical data-gathering practices. App developers store an Android user's personal information in an ad library, which is made accessible for a price to ad networks. Data that can help build the most effective targeted ads has the most value.

A study by researchers at North Carolina State University and the Technical University Darmstadt, Germany, found that some ad libraries contained call logs, account information or phone numbers. "Such information can be used to deduce the true identity of the user, enabling more comprehensive tracking of the user's habits -- at the cost of all pretense of privacy," the researchers said.

Hackers often know the apps that gather excessive amounts of personal data and will write malware capable of siphoning off the information, Kellerman said.

"These aggressive apps are usually poorly constructed," he said. "Not poorly in terms of functionality, but poorly in the sense of security and they become a beachhead [for malware]."

Along with the privacy threat, adware also damages the operation of the smartphone by making it run slower and drain battery power. A study by Purdue University and Microsoft found that as much as 75% of the energy used by free apps is from third-party advertisement modules.

Trend Micro also found that the number of malware targeting Google's Android platform is continuing to soar. The number of malicious apps went from 30,000 in June to nearly 175,000 in September, a sixfold increase.

The openness of the Android platform has made it a favorite target for malware. The quality and security of apps depends on the online market, which may not vet software before it is made available.

Android malware is a particular problem on markets based in foreign countries. In August, Argentina, Kuwait, Russia, India and Brazil, respectively, were the top five countries with the highest risk of malware download.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags android malwareapplicationstrend microsecuritymobile securityADWLEADBOLTAIRPUSHsoftwareData Protection | Wirelessdata protectionads

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place