The big names may be behaving worse than the No. 1,000 app
Research carried out by mobile security specialist, ZScaler, has found that 22 per cent of apps on the Google Play Store contain advertising libraries that at least some antivirus vendors classify as adware. The libraries are classified as such due to overly aggressive advertising practices including capturing excessive personal information and the inclusion of ads via deceptive delivery models, including altering device settings. “People mistakenly assume that the most popular apps are likely to have more strict privacy controls, but in general, the top ten apps will not be doing anything worse or treat your privacy any better than number 10,000 or number 20,000,” observed Michael Sutton, director of security research with ZScaler.
After looking at the Top 300 apps in each category, half of entertainment and 41 per cent of personalisation apps are flagged as containing adware, says ZScaler .
The breakdown is as follows:-
• Entertainment 50 per cent
• Personalisation 41 per cent
• Music 19 per cent
• Education 18 per cent
• Comics 18 per cent
• Medical 17 per cent
• Finance 10 per cent
• Books 8 per cent
• Business 5 per cent
The reason why Zscaler sees adware as dangerous is that it exhibits at least one of the following behaviour:-
• Harvests excessive personally identifiable information
• Performs unexpected actions in response to ad clicks without appropriate user consent (appropriate user consent entails providing a clear alert in the application that the user can accept or decline before any behaviour takes place)
• Collects IMEI numbers, UDIDs or MAC addresses
• Initiating phone calls and SMS messages
• Changing wallpaper and ringtones
• Leaks location information
• Leaks email addresses
• Leaks personal information such as contacts, birthdays, calendar appointments
Seperately ZScaler has just dsicoverd that the Android malware, MouaBad.P, has the ability to read, write, send and receive SMS messages.
“Forcing Android applications to initiate calls to premium phone numbers controlled by the attackers is a common revenue generation scheme that we see, particularly in Android application distributed in third party Android app stores,” the company revealed.
Sutton claimed that its analysis of apps shows common themes across privacy as apps are often aggressive in terms of the user data that they want access to, and it is often because they are free apps.
“They track user information because the advertisers want that,” he argues.