How ads undermine Android security
Summary: Are you giving the app permission .. or the ad module? Or both?
A lot of Android developers are now offering their applications for free, choosing instead to monetize them using in-app advertising. But in-app advertising can also leave the end user vulnerable to malware and data leakage.
The problem is that when users install and Android app, they are asked to grant the app certain permissions. However, the problem is that users are not only granting permissions to the app, but also to any ad modules that the app might be shipped with. The way Android displays permissions doesn't make this clear.
Image credit: F-Secure
Think that this can't happen? It can. Here's an example from F-Secure of an Android app that was itself clean, but the ad module it contained harvested phone model details, Android version, phone numbers and IMEI numbers and sent them to a remote server.
What's the solution? Well, the good folks at F-Secure have an idea.
Wouldn't it be clearer to the user if the Permissions tab indicated how the permissions were used by both the main app and the ad module? Or better still, there was a separate permissions tab for the ad module? This would give the user with a clearer idea of what the main app/ad module will do, and they would be in a better position to chose whether they want to proceed with the installation.
Makes sense. Android is under pressure from the bad guys, from Trojanized apps in the official Google Market to vulnerabilities in the bloatware that OEMs pack onto handsets, there are real security issues facing Android users. It's getting so bad that Microsoft kicked off a marketing campaign for Windows Phone based on user frustration with the Android platform, calling it 'Droidrage.' Problem is,so far Google hasn't seemed to want to tackle these thorny issues.
One thing's for sure ... as the popularity of Android grows, something has to change.
Related:
- Virtualization doesn't fix all of Android's ills
- Microsoft offers Android malware victims free Windows Phone handsets
- Six Android issues that Google doesn't want to address
- Android bloatware results in serious security flaws
- Are security firms that warn of Android malware 'charlatans and scammers'?
- Android Trojan records conversations, can send them to bad guys
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: How ads undermine Android security
RE: How ads undermine Android security
most companies wont allow the use of rooted phones on their network.
RE: How ads undermine Android security
The devil you say!
RE: How ads undermine Android security
I don't know the OS well enough to answer that question myself.
WKCook
RE: How ads undermine Android security
Rooting
That's a great idea - IF - you know what you are doing. I only know enough to get myself in trouble so - no thank you!
Right. Because heading out to some internet site to download a
RE: How ads undermine Android security
He's right you know
If Google (who are counting on the customer trusting them) can't be trusted to prevent this sort of thing, what would make me think that the people behind Cyanogenmod would be any better? At least if harm is done I can sue Google for recompense. Who would I go to in the "open source community" if there's a problem?
Linux on my PC is one thing. On my phone is another (bag of unknown) that I'm not comfortable with.
RE: How ads undermine Android security
But... I thought Android was perfect and anyone who didn't think so or didn't want to root their device was just stupid and a minority... That what Linux_Geek, et al told me...
(If you don't get sarcasm, ignore this post.)
RE: How ads undermine Android security
Instead, use proven ROMs from known sources!
Complicated or what?
Sheesh!
RE: How ads undermine Android security
WKCook
RE: How ads undermine Android security
How about telling us the name of the app so we can avoid it?
RE: How ads undermine Android security
I am hesitant only because there seem to be many apps that have the same name.
This was Word Solver Lite. It had 4.5 stars and the majority of reviews were good. When opened it stayed resident in the bar at the top of the screen. You had to use the programs menu to exit and that did not always work. But the ads were the most disturbing (I???m an old fogy so not everyone may agree). There were a few regular ads but most were of the social networking variety...And most of those involved scantily dressed women offering to chat, etc. It is easy to accidentally click/touch as I once did. I was immediately offered a chat session with someone in my home town that wanted to meet me. Just didn???t seem right so I uninstalled.
What good is the market and reviews if you can???t trust what you read?
Anyway, I???ll get off my soapbox. You can always go read about the app on the Market w/o installing.
WKCook
RE: How ads undermine Android security
Google needs to curate apps and ads in the Android Market
But then
...what would be the difference between a "nanny Google" and the "nanny Apple" that so many hate precisely because they wield so much control?
Personally I don't have a problem with it, but the question does arise ...
RE: How ads undermine Android security
Because anything Google (or the Open Source community) does is good and anything Microsoft, Oracle or the Big Bad Apple do is bad. Duh.
RE: How ads undermine Android security
+1
Developers and In-App Advertising