Android malware is something my readers will be familiar with. As you know most Android threats are coming from third-party app markets, SMS and email phishing and malicious URL links, or redirectors as they are called in the security industry (See Bootnote). But what about mobile in-app advertising or as some refer to it “adware”? You might say there is nothing to worry about. Read on to find out why you should be concerned about your privacy.
Mobile in-app advertising is a growing and lucrative market, especially given smartphone screens are getting larger. The ad revenues will continue to grow while at the same time the ad platforms will look to collect more of your Android device’s personal data so they can target you with specific ads – think of this as behavioural advertising or Interest-Based Advertising.
The main reason for in-app advertising is to generate an additional income for developers who right now are giving away their apps for free. Developers can make money from in-app game purchases and in-app advertising. So what about your mobile device data?
The data that is collected can be as specific as geolocation, IMEI, IMSI and the unique ID of the device as well as contact, SMS and call data. So how can you decide whether you want these mobile ad platforms to have access to this information? Well, right now, you cannot stop the ad networks from accessing your device. The only option is, if you see ads in an app, you can uninstall the app. One suggestion however, might be to allow you to disable/block the ad from having access to your Android device permissions. Even better you should be allowed the opt-in or opt-out, but right now you don’t have this option.
The mobile ad-networks are looking to collect as much data about you and your Android device, so they can target you more specifically and also sell/rent your data to other data collection houses or ad platforms. This isn’t actually anything different to what say Google does with Gmail, but you do have a choice to opt out. Realistically right now you have no control whatsoever on who has access to your Android device data.
Another contentious issue right now is how does Google and in particular mobile security vendors classify this adware? Some vendors classify adware as “greyware” rather than “spyware or badware”. But being really honest, it’s unclear whether mobile security solutions will be able to continue to classify the mobile ad platforms as “adware”.
Remember: Spyware was rife in PCs in the early years and it took the industry and consumers years to come to terms with the evasive nature of this type of privacy threat. Mobile adware is on the rise and may well take the same route as in the PC domain, so be prepared for what might be around the corner.
Safe surfing folks!
Bootnote: There is also the issue of operating system fragmentation which is where devices are not being updated to the latest versions – but right now this is probably slowing down the proliferation of Android malware rather than increasing the variety of threats.