Zscaler finds a 'big number' of Google Play apps with overly aggressive adware

A security vendor has found a large number of Android apps in Google Play with overly aggressive adware, raising questions about whether Google is effectively policing its online store.

Zscaler, which provides cloud-based security for mobile devices, on Thursday published research that found one or more antivirus vendors had flagged 22% of the 8,000 popular apps it tested.

"This is a big number," Viral Gandhi, security researcher, Zscaler ThreatLabZ, said in the company's blog. "Most of the applications were flagged by AV vendors due to their excessive inclusion of ads and deceptive practices for delivering them, including altering device settings."

The point at which adware invades a person's privacy is difficult to define. Ad networks pay developers to use their apps to deliver targeted advertising. For the advertisers to deliver ads relevant to the recipient, some personal information has to be collected by the adware installed with the app.

In general, adware invades privacy when it collects more data than what's needed to run the app and does not make it easy for the user to learn what's collected and how it is used.

Zscaler defines adware as exhibiting one or more "intrusive behaviors without requesting appropriate user consent." Those behaviors include harvesting excessive personally identifiable information, collecting the unique identifying number of the device, initiating phone calls and text messages and leaking location information, email addresses, contacts, calendar appointments or other personal information.

Zscaler found that a quarter of the 1,845 adware-carrying apps it discovered were flagged by 10 or more AV vendors, based on VirusTotal's engine for scanning files and URLs for malware. Google acquired the free service last year.

Zscaler claimed its findings illustrated the conflicting interests between Google and AV vendors. While Google wants developers to make money so they'll build apps for the Android platform, AV vendors have to show they can identify bad behavior, which justifies the cost of their products.

"Therefore, Google has plenty of incentive to allow apps with aggressive advertising practices," Gandhi said. "AV vendors on the other hand have no such incentive, but are instead under pressure to show that they are adding value by identifying malicious/suspicious/unwanted content."

Google did not respond to a request for comment, but Sorin Mustaca, data security expert for AV vendor Avira, said Google has been working with AV companies since buying VirusTotal. The collaboration has focused on detecting suspicious apps on Google Play as quickly as possible.

Rather that reflecting a conflict between Google and AV vendors, Zscaler's findings are more the result of the difference in which vendors detect adware, the fact there are thousands of apps to evaluate and the lack of a clear definition for privacy infringement, Mustaca said.

"I think that we will see in time a more clear guideline coming from Google in regards to ads," he said.

Adware commonly flagged by AV vendors include Airpush, Leadbolt, Airmob and Plankton, according to Zscaler. While the ads they display on a smartphone's home screen may be annoying, they are not illegal.

Corporations with employees using their own devices for accessing networks can protect themselves from data leakage through a number of mobile security tools, included device management and AV products.

"For sensitive entities (such as government agencies), there may be some concern here, but in general this is more of an end user problem," said Michael Sutton, vice president of security research at Zscaler.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsadwareGoogleGoogle Playsecuritymobile securityzscalersoftwareData Protection | Wirelessdata protection

More about AviraGooglezScaler

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place