Mobile Apps With Ads Called Security Risk


RALEIGH, N.C. (UPI) — Mobile applications that contain ads may be creating privacy and security risks for cellphone users, U.S. researchers say.

In a study of 100,000 apps in the official Google Play market, researchers at North Carolina State University reported more than half contained so-called ad libraries, and hundreds of the apps included aggressive ad libraries that could download and run code from remote servers.

“Running code downloaded from the Internet is problematic because the code could be anything,” computer scientist Xuxian Jiang said. “For example, it could potentially launch a ‘root exploit’ attack to take control of your phone — as demonstrated in a recently discovered piece of Android malware called RootSmart.”

To generate revenue, many free apps incorporate “in-app ad libraries” provided by Google, Apple or other third-parties that retrieve advertisements from remote servers and run the ads on a user’s smartphone. Every time an ad runs, the app developer receives a payment.

The problem arises because ad libraries receive the same permissions the user granted to the app itself when it was installed, regardless of whether the user was aware of granting permissions to the library.

Jiang said some apps use libraries “that made use of an unsafe mechanism to fetch and run code from the Internet — a behavior that is not necessary for their mission, yet has troubling privacy and security implications.”

Hackers could use the libraries to bypass existing Android security efforts, he said, since the app itself may be harmless and won’t trigger any security concerns — but its ad library may download harmful or invasive code after installation.

UPI - United Press International, Inc.

Since 1907, United Press International (UPI) has been a leading provider of critical information to media outlets, businesses, governments and researchers worldwide.

Join the Discussion

Comment Policy: We encourage an open discussion with a wide range of viewpoints, even extreme ones, but we will not tolerate racism, profanity or slanderous comments toward the author(s) or comment participants. Make your case passionately, but civilly. Please don't stoop to name calling. We use filters for spam protection. If your comment does not appear, it is likely because it violates the above policy or contains links or language typical of spam. We reserve the right to remove comments at our discretion.