Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mobile Ads May Serve As a Malware Conduit

Posted by timothy on from the send-you-this-advert-to-have-your-advice dept.

alphadogg writes with this excerpt from Network World: "Many mobile apps include ads that can threaten users' privacy and network security, according to North Carolina State University researchers. The National Science Foundation-funded researchers studied 100,000 apps in Google Play (formerly Android Market) and found that more than half contained ad libraries, nearly 300 of which were enabled to grab code from remote servers that could give malware and hackers a way into your smartphone or tablet. 'Running code downloaded from the Internet is problematic because the code could be anything,' says Xuxian Jiang, an assistant professor of computer science at NC State."

4 of 79 comments (clear)

  1. Re:Solution by vlm · · Score: 4, Informative

    Don't like it? Don't use it.

    So far so good with this app called "adfree". Which was free. Any /. opinions on which blockers work better? Do I already have the best?
    All its doing (so far as I know) is the 1990s desktop era technique of putting certain hostnames in the /etc/hosts file, so at the ip addrs level its blocking entire hostnames.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  2. Droid Wall by nullchar · · Score: 4, Informative

    Got root?

    An iptables front-end on Android. Droid Wall is sweet: https://play.google.com/store/apps/details?id=com.googlecode.droidwall.free

    As each android app runs as a separate uid, it makes it easy to block net access app-by-app. The problem, of course, is when the app you don't really trust needs net access for a real reason. Sometimes you can allow net access, let the app do it's thing, then revoke it so it's not background connecting all the time.

    Also the ability to set some apps wifi-only and others 3G-only is pretty handy. This saves hours of battery life.

    1. Re:Droid Wall by ciscoguy01 · · Score: 3, Informative

      And that background data that all those apps seem to want to use costs you money in this day of metered data.
      It's easily possible for apps you never ever use to leak data day after day day, downloading ads you never see. This could make you go over your allotment from your cellular carrier and they will bill you for the overage.
      All for nothing.
      You never even saw those cool ads you downloaded!
      Root your phone and put a big hosts table in there.

      But, someone will say, "If you don't let them download and show you ads they won't be able to make those cool apps for free."
      Sorry, if showing ads to someone who doesn't want to look at them is your business model and it stops working, you will have to either get a business model that works or go out of business.
      I have been to websites that contained a warning "You are blocking ads, you may not use our website. Unblock our ads before you come back here".
      Sounds like a website to stay away from to me.

      --
      .
  3. As an app author I get lots of spam by DrXym · · Score: 4, Informative
    I use AdMob as my ad provider (consequently bought out by Google) and feel reasonably confident that they vet their ads and the chance of malware is is relatively low risk. Even if one slipped past my app only runs with internet permissions which limits what it could do. The most dangerous thing an ad might do is take a user out of my app into a web browser and from their somehow their phone is infect. But I'm being as responsible as I can to avoid that.

    This isn't pure altruism but simply because I don't want my app tainted by scummy annoying ads or malware. I get a lot of spam from alternative ad providers with a hook such as I can earn 10x as much money by using their service. But a cursory glance at their marketing blurb leads me to conclude that their business is usually derived from enticing users to take surveys, 30 day trials and run other apps and all with far broader permissions such as read/write from SD, GPS location and so on. One advertiser worryingly also says they install "ad icons" on the user's phone meaning that my app would have to have ask for a pile of permissions just to enable this crap and it wouldn't be for the user's benefit.

    So as a responsible developer I stick with AdMob. But I can see how the danger is there. My advice for end users is only install apps which ask for a minimal set of permissions and uninstall apps which start serving annoying or dodgy content. Perhaps it won't stop attacks occurring but at least it means they won't be occurring for people exercising some restraint and common sense.