Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Tom Simonite

A View from Tom Simonite

Six Percent of Free Android Apps Hide Intrusive Adware

Security company Lookout starts a campaign to “eradicate” the many apps that pester users with intrusive ads

  • June 26, 2013

As mobile computers have become more common, criminals have begun to explore ways to profit from exploiting them (see “Clues Malware Moving from PC to Phones”). However, figures released today by mobile security company Lookout indicate that people are more likely to fall victim to what it calls “adware” than classic criminal malware.

Gotcha: Lookout is to begin warning people when they have apps installed that are known to harbor invasive advertising technology (Credit: Lookout)

Lookout sampled 200,000 apps to conclude that 6.5 percent of all free apps in the store for Android devices meet the company’s definition of adware, broadly defined as any app that pushes ads on a user outside of its own interface without consent. Adware might use notifications or add icons to the device homescreen.

When a person in the U.S. installs Lookout onto their Android phone, there is a 0.9 percent chance they already have adware installed, says Jeremy Linden, a security product manager at Lookout. Linden says that suggests more than one million Android device owners in the U.S. downloaded adware in the past year. The chance a user will install adware far exceeds the combined risk of their installing malware that will spend their money, spy on them, or steal data, Lookout’s figures say. “It’s higher than any other app-based threat,” says Linden.

Today, Lookout will begin warning Android owners amongst its 40 million-person userbase when they install an app that meets its definition of adware, something of a shift for a company that, up to now, has focused more on the malware that has long been the core obsession of the security industry.

“Our goal is eradicate the worst of the unscrupulous advertising practices out there,” Linden told MIT Technology Review, adding that his company does not have a problem with ad-supported apps in general. “The small minority of ad networks that behave badly is making a lack of trust for the entire industry,” he says.

Lookout defines adware as an app that without consent shows ads outside its own user interface; collects unnecessary personal data, such as email address or phone number; or leads to SMS messages or phone calls.

Many mobile app makers rely on third-party companies to provide ad technology for their apps. Linden says that Lookout identified “between 5 and 10” mobile ad companies whose technology made apps act like adware and advised them in advance that Lookout was to begin encouraging people to uninstall apps with their technology included. Some changed their practices, says Linden, but five did not. Those companies are LeadBolt, Moolah Media, RevMob, SellARing, SendDroid. Those contacted for comment did not respond by the time this post was published.

Linden says that Lookout believes the ad industry should agree on a set of standard practices for mobile ads and offers its own guidelines as a starting point. The Digital Advertising Alliance, an industry group, is already working on mobile privacy guidelines for its members, but didn’t respond to a request for comment on Lookout’s new effort to warn users of what it thinks are unacceptable advertising tactics.

Lookout isn’t yet introducing similar oversight of ad-supported apps on Apple devices. However, a study presented this week by researchers at University of California, San Diego suggests it is needed (see “Many iPhone Apps Defy Apple Privacy Advice”).

That research was enabled by an app called ProtectMyPrivacy that allows people to selectively choose what data apps can access. Crowdsourced recommendations of what to allow and block for specific apps make using the app easy, but it only works on “jailbroken” Apple devices modified to remove Apple’s restrictions on apps examining one another’s behavior. A request to distribute a version through Apple’s app store that simply told people what ProtectMyPrivacy had uncovered was blocked by Apple. You can find that data on ProtectMyPrivacy’s website instead.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Premium.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look: exclusive early access to important stories, before they’re available to anyone else

    Insider Conversations: listen in on in-depth calls between our editors and today’s thought leaders

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.