Including ads in mobile apps poses privacy, security risks: study
02 Apr 2012
Researchers from North Carolina State University have found that including ads in mobile applications (apps) poses privacy and security risks. In a recent study of 100,000 apps in the official Google Play market, researchers noticed that more than half contained so-called ad libraries.
And 297 of the apps included aggressive ad libraries that were enabled to download and run code from remote servers – which raises significant privacy and security concerns.
In recent years, there has been explosive growth in smartphone sales, which is accompanied with the availability of a huge number of smartphone applications (or simply apps).
End users or consumers are attracted by the many interesting features offered by these devices and the associated apps. The developers of these apps are also benefited by the prospect of financial compensation, either by selling their apps directly or by embedding one of the many ad libraries available on smartphone platforms.
''Running code downloaded from the internet is problematic because the code could be anything,'' says Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the work. ''For example, it could potentially launch a 'root exploit' attack to take control of your phone – as demonstrated in a recently discovered piece of Android malware called RootSmart.''
In Google Play (formerly known as the Android Market) and other markets, many developers offer free apps. To generate revenue, these app developers incorporate ''in-app ad libraries,'' which are provided by Google, Apple or other third-parties. These ad libraries retrieve advertisements from remote servers and run the ads on a user's smartphone periodically. Every time an ad runs, the app developer receives a payment.