Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mobile Ads May Serve As a Malware Conduit

Posted by timothy on from the send-you-this-advert-to-have-your-advice dept.

alphadogg writes with this excerpt from Network World: "Many mobile apps include ads that can threaten users' privacy and network security, according to North Carolina State University researchers. The National Science Foundation-funded researchers studied 100,000 apps in Google Play (formerly Android Market) and found that more than half contained ad libraries, nearly 300 of which were enabled to grab code from remote servers that could give malware and hackers a way into your smartphone or tablet. 'Running code downloaded from the Internet is problematic because the code could be anything,' says Xuxian Jiang, an assistant professor of computer science at NC State."

10 of 79 comments (clear)

  1. Sponsored by Symantec and McAfee by iserlohn · · Score: 2

    Please buy our products!

    --
    :. Ultimate Control Dedicated/VM Servers
  2. Re:Solution by vlm · · Score: 4, Informative

    Don't like it? Don't use it.

    So far so good with this app called "adfree". Which was free. Any /. opinions on which blockers work better? Do I already have the best?
    All its doing (so far as I know) is the 1990s desktop era technique of putting certain hostnames in the /etc/hosts file, so at the ip addrs level its blocking entire hostnames.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  3. ad block effect by vlm · · Score: 4, Interesting

    I suspect the "ad block effect" that I'm used to from years of firefox will exist on android very soon. "(shock amazement) Thats what the unfiltered internet looks like now? how can anyone use that? (insert more shock amazement)"

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  4. Re:Anything like adblock by fuzzyfuzzyfungus · · Score: 4, Interesting

    If you have root access, the underlying linux(while spare) isn't terribly alien, fucking with DNS would be a definite option). If not, You Are Product.

  5. Adware? Malware? What's the difference? by KiloByte · · Score: 4, Interesting

    Wasn't it the case just several years ago that "adware" and "malware" were considered to be mostly synonyms? I don't see why, just because the plarform changed, they would behave any differently. You're back to the Bonzi Buddy "goodness".

    I just stay away from any "App Stores" and "Foo Markets". A Debian chroot (when there are no native builds) means the code I run can be trusted.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  6. Droid Wall by nullchar · · Score: 4, Informative

    Got root?

    An iptables front-end on Android. Droid Wall is sweet: https://play.google.com/store/apps/details?id=com.googlecode.droidwall.free

    As each android app runs as a separate uid, it makes it easy to block net access app-by-app. The problem, of course, is when the app you don't really trust needs net access for a real reason. Sometimes you can allow net access, let the app do it's thing, then revoke it so it's not background connecting all the time.

    Also the ability to set some apps wifi-only and others 3G-only is pretty handy. This saves hours of battery life.

    1. Re:Droid Wall by ciscoguy01 · · Score: 3, Informative

      And that background data that all those apps seem to want to use costs you money in this day of metered data.
      It's easily possible for apps you never ever use to leak data day after day day, downloading ads you never see. This could make you go over your allotment from your cellular carrier and they will bill you for the overage.
      All for nothing.
      You never even saw those cool ads you downloaded!
      Root your phone and put a big hosts table in there.

      But, someone will say, "If you don't let them download and show you ads they won't be able to make those cool apps for free."
      Sorry, if showing ads to someone who doesn't want to look at them is your business model and it stops working, you will have to either get a business model that works or go out of business.
      I have been to websites that contained a warning "You are blocking ads, you may not use our website. Unblock our ads before you come back here".
      Sounds like a website to stay away from to me.

      --
      .
    2. Re:Droid Wall by blackest_k · · Score: 2

      Actually it makes sense to pay for good apps on android. My mobile operator three.ie (hutchinson telecom) gives me free unlimited data for 30 days when I top up by 20 euro (and an extra 10 euro credit), which is good but when that 30 days expires I then start to pay for data a couple of days ago I get a text telling me i've used 5 euro odd on data. That is pretty much down to ads being downloaded.

      Wouldn't I have been better off to buy the ad free version of the app rather than paying for data I didn't want or need? That excess data charge could have paid for maybe 2 or more apps, most apps seem to be priced from 99 cent to 3 or 4 euro.

      For some reason debit cards are not accepted for most online purchases, so i use prepaid credit cards which are fairly inexpensive but usually end up with 2 or 3 euro credit that gets eaten by the card provider transferring to a new card costs about 2.50 or a balance remaining costs 1.50 a month till it reaches 0 so again it is worth paying for an app with these useless bits of money.

      not every app is worth buying but i have bought quite a few, and I intend to keep doing so especially as it costs me less to buy them than the ad supported versions.

      --
      Blarney Quality Restaurant, Plants
  7. Re:Doesn't happen on the iPhone/iPad thank Jobs by JeanCroix · · Score: 2
    FTFA:

    One problem with ad libraries, which are served up via Google, Apple [emphasis mine] or other such companies, is that app users essentially give them the same access permissions as the apps themselves, allowing them to skirt standard security processes.

  8. As an app author I get lots of spam by DrXym · · Score: 4, Informative
    I use AdMob as my ad provider (consequently bought out by Google) and feel reasonably confident that they vet their ads and the chance of malware is is relatively low risk. Even if one slipped past my app only runs with internet permissions which limits what it could do. The most dangerous thing an ad might do is take a user out of my app into a web browser and from their somehow their phone is infect. But I'm being as responsible as I can to avoid that.

    This isn't pure altruism but simply because I don't want my app tainted by scummy annoying ads or malware. I get a lot of spam from alternative ad providers with a hook such as I can earn 10x as much money by using their service. But a cursory glance at their marketing blurb leads me to conclude that their business is usually derived from enticing users to take surveys, 30 day trials and run other apps and all with far broader permissions such as read/write from SD, GPS location and so on. One advertiser worryingly also says they install "ad icons" on the user's phone meaning that my app would have to have ask for a pile of permissions just to enable this crap and it wouldn't be for the user's benefit.

    So as a responsible developer I stick with AdMob. But I can see how the danger is there. My advice for end users is only install apps which ask for a minimal set of permissions and uninstall apps which start serving annoying or dodgy content. Perhaps it won't stop attacks occurring but at least it means they won't be occurring for people exercising some restraint and common sense.