Gap between Google Play and AV vendors on adware classification

By ISBuzz Team
Writer, Information Security Buzz | Aug 09, 2013 04:07 am PST

Call it insult to injury: Android users are used to being frequent malware targets, but they have other security issues to consider as well. Adware – that annoying, intrusive form of spyware that collects information about a user in order to display advertisements within an application or webpage – infests more than a fifth (22%) of the top apps in the Google Play store.

“We have found around 1,845 applications which are flagged by one or more AV vendors as including adware,” said Viral Gandhi, security researcher at Zscaler ThreatLabZ, in a blog. “This is a big number. Most of the applications were flagged by AV vendors due to their excessive inclusion of ads and deceptive practices for delivering them, including altering device settings.”

Gandhi said that Google is willingly enabling the proliferation. For example, many anti-virus vendors flag the Airpush API as adware. Despite this fact, there are many apps within the Google Play store that include it.

“This illustrates the conflicting interests that Google and the AV vendors have,” he said. “It is in the best interests of Google to appease advertising companies. Google wants to encourage developers to expand offerings in their app store and developers often profit from free apps through advertising. Paid apps may also include advertising, in which case, Google takes a direct cut from the app proceeds. Therefore, Google has plenty of incentive to allow apps with aggressive advertising practices.”

AV vendors, on the other hand, have no such incentive but are instead under pressure to show they are adding value by identifying malicious, suspicious and/or unwanted content. As such, there is a big gap between Google and AV vendors when it comes to adware.

“Ultimately, end-users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged,” Gandhi said.

Other adware commonly flagged by AV vendors includes Leadbolt, Airmob, and Plankton.

“The excessive use of advertisements can negatively impact customer privacy and result in a negative user experience,” Gandhi noted. “On the other hand, advertisements are necessary for app developers looking to earn money when providing free apps.”

However, there are some guidelines that developers should look to when building ad engines into software. Developers should avoid any ad API that harvests excessive personally identifiable information; performs unexpected actions in response to ad clicks without appropriate user consent; collects IMEI numbers, UDIDs or MAC addresses; initiates phone calls and SMS messages without consent; or leaks any type of personal information.

“Hopefully Google and the AV vendors can reach a compromise in this ongoing adware battle as at present, end users are paying the price,” Gandhi concluded.
