An undercover investigation has found "shady" mobile advertisements practices in China, ranging from advertising on pirated copycat apps and mining user data to sell to advertising agencies.
According to Sina Tech on Wednesday, China state television network, CCTV, sent reporters posing as clients to mobile advertising agencies to enquire about products they offered. A representative of Wooboo mobile advertising agency told reporters they advertised mostly on pirated apps, but it was not a copyright problem since they did not develop the pirated apps, but just served ads. It then split the profits with those developers.
Another representative from Yinggao agency noted its advertising platform was equivalent to "having a tracking device installed on [users]". "Wherever you go, we'll know about it. As long as you're connected to the network we'll know," he said.
He added information is gathered through a plugin that runs unnoticed in the background and comes bundled with the software served by the advertising agency. They are able to share a user's location, phone number, address book, and other personal data with the advertising agency, he said.
Mobile advertising agency, Youmi, also told reporters it could mine personal data from smartphone users and the information is useful as it allows the company to cater other services such as pushmail and text messages. This provides extra avenues for revenue.
CCTV then cited industry statistics which stated 73 percent of malicious advertising would attempt to get user location information, while 47 percent of them would target users' phone number, pointing to higher security risks for users.
This echoes the view of Avi Rosen, director of online threats managed services group at RSA, who told ZDNet Asia previously that as mobility gains traction, cybercriminals will see mobile apps as a way to gain access to user devices. Users believe the software is safe as long as it is published on appstore, but there are many rogue apps today which masquerade as original apps but secretly steal information from consumers devices, he said.