Google at fault for adware in Play store apps, suggests Zscaler

Conflict of interest

Adware is now so deeply buried in Google's Play store that one in five of the most popular apps are rated a privacy risk by mobile security programs, an analysis by Zscaler has found.

The firm ran the top 300 apps in each of the Play store's main categories through a wide range of security products, finding that 1,845 were considered 'adware' by one or more programs, equivalent to 22 percent of the total.

All of these were marked out for bundling ads inside legitimate apps, sometimes deceptively, with a few even altering device and browser settings. Others captured personal data such as email addresses and device IDs without notifying users in a clear way and went on to push ads.

Concern about the volume of Play adware is not new but Zscaler's analysis makes some new and interesting points as to why it might be happening, starting with the popularity of a single API, Airpush, used at the core of many apps by developers.

But there is another and more unsettling reason why adware has turned into such an issue - Google's business model for the Play store is built on it.

"It is in the best interests of Google to appease advertising companies," said Zscaler researcher, Viral Gandhi. "Google wants to encourage developers to expand offerings in their app store and developers often profit from free apps through advertising. Paid apps may also include advertising, in which case, Google takes a direct cut from the app proceeds."

In a sense, the rise of adware underlines a conflict of interest. The Android platform needed as many apps as possible to attract users. Once there, these users had to be 'monetised'.

"Google has plenty of incentive to allow apps with aggressive advertising practices," Gandhi concluded.

Meanwhile, security vendors were under equal pressure to spot behaviour that could be construed as being against the interest of users.

"There is a big gap between Google and AV vendors when it comes to adware. Ultimately, end users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged."

The two biggest categories for suspect apps were games and personalisation, for instance wallpapers and themes.

Zscaler's analysis of Google's motives seems harsh. Ultimately, if users feel they are being fed aggressive adware by too many popular apps, even free ones, they will be put off Android to Google's detriment. Google might also point out that users are now sophisticated enough to grasp that free apps have to be paid for somehow.

But what is acceptable and what isn't?

In June, mobile security specialist Lookout publicly blacklisted a class of free apps after finding that 6.5 percent of them met its definition of adware. This is lower than the proportion found by Zscaler, but Lookout looked at a far larger number of apps.

In Lookout's view the real problem is the popularity of a clutch of ad networks embedded in the apps to generate revenue. Some follow best practice but a hard core don't. Until Google makes a public stand on what is acceptable for apps, the controversy looks likely to continue.
