Aggressive advertising networks linked to mobile apps on Google Android devices are gaining unfettered access to sensitive user data, location information and browsing habits that many users would consider private.
The aggressive advertisers are connected to Android apps via ad libraries, safely coded into the underlying application by the software developer who created the app, according to a new study issued today by Symantec. The more than 65 advertising networks go relatively unchecked, gaining virtually no scrutiny from authorities or Google controls, and about half of them are considered aggressive, said Kevin Haley, director of Symantec Security Response. It would be difficult for Google to monitor them, Haley said.
"Typically, ad networks monitor themselves, but if the ad network itself is bad then they're not being monitored," Haley said. "Google reviews the apps once that app is out in the field, but the ad network data is not really going through any Google property."
Mobile apps connected to those aggressive ad libraries are steadily rising and make up a large percentage of mobile malware, Symantec found. The number of mobile apps that can be classified as adware reached over 23 percent in the first half of 2013. "On average, apps were trending towards using two ad libraries, regardless of how aggressive the ad libraries are," Symantec said in its report.
The Symantec study found that aggressive advertising is no longer restricted to freely available gaming apps. In fact, most people at risk of being duped by overly aggressive ad networks are device owners who use apps designed to personalize the device.
Live wallpapers and widgets are sometimes associated with aggressive ad networks and harvest device owner data. Also, apps designed to make the homescreen unique or more useful are increasingly collecting user data and go unchecked, Symantec said. Some apps are being developed that track user behavior and physical location to trigger useful information, commonly used apps and other features, such as automatically silencing the device when the user is in a library or meeting. While the features are useful, the data they collect is being harvested and can be sold to just about anyone, Haley said.
Symantec said the most aggressive adware leaks private data, such as phone numbers or user account information on device owners. The apps can collect and potentially leak location information and mobile network information.
"We're worried less about what the advertiser can do with the data, and more concerned about how a fraudster can manipulate the information for much more nefarious activities," Haley said.
NEXT: Adware Dangers Force Google To Take Action