Privacy taking a backseat? Adware on Android on the rise

Adware targeted at devices running Google's Android operating system has increased 61 percent globally, security software maker Bitdefender says.

Adware used to gather everything from address book contacts to text in SMS messages grew worldwide by 61 percent during a five month period ending this past January, Bitdefender's research found.

"With adware gleaning more user data from people's devices than they would normally need to and developers bundling more than one adware framework into their apps, user privacy is increasingly taking a backseat to profit for developers and advertisers," said the Bitdefender report obtained by "TechHive Wednesday.

"More and more unknown third parties now have access to user browsing history, phone numbers, email address and everything they need to compile comprehensive and personalized user profiles," it added.

Adware growth rates vary by region, the report notes. The growth rate in the United States, for example, was 35 percent.

It's not just adware that's on the rise, according to Bitdefender; malware aimed at Android users also increased during the five month period by 27 percent.

As might be expected, adware pushers were very active during the holiday season. More than half the increase for the entire five month period came in November, during the run up to Black Friday and Cyber Monday holiday shopping period.

"While adware is not inherently malicious, it can collect phone numbers, contacts, and email addresses that are broadcasted to third-party services or sold to the highest bidder," the study notes. "The underground market greatly values such data as it can be used by marketers to profile users."

Personal information isn't the only kind of data vulnerable to adware peekers, Bitdefender says. With a growing number of personal devices doubling as work machines, company information could also be gleaned from a phone by adware.

Adware is often added by developers to an app so they can offer it for free while still earning some money from it, explained Liviu Arsene, a mobile threat researcher at Bitdefender who wrote the study.

"What users don't know and many developers don't care about is how adware frameworks work," he told TechHive.

An adware "framework" is a package of code a developer can plug into his app to perform tasks for an advertiser. Those tasks could be placing ads on the app's screen or spamming a user with nagging popups.

"They also collect tons of data that they don't need," Arsene said. "It doesn't matter if the app needs the data or not. It just collects it."

One reason many Android developers resort to adware is because paid apps aren't very popular with Android users, according to Dirk Sigurdson, director of engineering for Mobilisafe at Rapid7 in Boston.

"The likelihood of customers paying for an application is very low in the Android market, especially compared to the iOS market," Sigurdson said.

Android's method for granting permissions to apps to collect data from a phone also contributes to aggressive harvesting of information by adware, he added.

Android shows you a list of permissions that an app wants, but it's an all-or-nothing proposition, forcing a user to read a laundry list of permissions.

"Most of the time a user will download the application, ignore the list of permissions and just click OK," Sigurdson said.

Security firms have been warning Android users for some time about the dangers posed to privacy by adware and malware. Some of those warnings have been dismissed by critics who say the firms are out to sell software by hyping the dangers involved.

Tags: Google, consumer electronics, security, Android, smartphones, bitdefender, privacy

German researchers hack Galaxy S5 fingerprint login

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Continuity Management Solutions

Automate business-continuity and disaster-recovery planning and enable crisis management in one solution.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.