How ads undermine Android security

Summary:Are you giving the app permission .. or the ad module? Or both?

A lot of Android developers are now offering their applications for free, choosing instead to monetize them using in-app advertising. But in-app advertising can also leave the end user vulnerable to malware and data leakage.

The problem is that when users install and Android app, they are asked to grant the app certain permissions. However, the problem is that users are not only granting permissions to the app, but also to any ad modules that the app might be shipped with. The way Android displays permissions doesn't make this clear.

Image credit: F-Secure

Think that this can't happen? It can. Here's an example from F-Secure of an Android app that was itself clean, but the ad module it contained harvested phone model details, Android version, phone numbers and IMEI numbers and sent them to a remote server.

What's the solution? Well, the good folks at F-Secure have an idea.

Wouldn't it be clearer to the user if the Permissions tab indicated how the permissions were used by both the main app and the ad module? Or better still, there was a separate permissions tab for the ad module? This would give the user with a clearer idea of what the main app/ad module will do, and they would be in a better position to chose whether they want to proceed with the installation.

Makes sense. Android is under pressure from the bad guys, from Trojanized apps in the official Google Market to vulnerabilities in the bloatware that OEMs pack onto handsets, there are real security issues facing Android users. It's getting so bad that Microsoft kicked off a marketing campaign for Windows Phone based on user frustration with the Android platform, calling it 'Droidrage.' Problem is,so far Google hasn't seemed to want to tackle these thorny issues.

One thing's for sure ... as the popularity of Android grows, something has to change.

Related:

Topics: Software Development

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.