Some Android applications contain adware that regularly exposes user's personal information, consistent with a brand new study by researchers at North Carolina State University that documents how Android app ad libraries tap into unnecessary data.
These results clearly show the will for better regulating the manner ad libraries are integrated in Android apps.
Ad libraries contained in lots of freely available Android applications allow advertisers to access information contained on mobile devices. The info is sometimes unnecessary for the ads to operate properly, in line with the research, which was conducted with a German research team from Technical University Darmstadt.
The research team examined 100,000 applications from Google Play, formerly referred to as the Android Market, and the ad libraries contained within them. A hundred different Android ad libraries were contained within 52.1% of the apps chosen.
“Our results show that almost all existing ad libraries collect private information,†the report, entitled “Unsafe Exposure Analysis of Mobile In-App Advertisements,†stated. (.pdf) That private information could be anything from the user's phone number to browser bookmarks at the device.
Ads are wide-spread by Android developers in free mobile apps a good way to make a profit. Android adware have been identified as a possible problem by security experts and privacy advocates. Many users don't mind being shown ads in exchange for a free app, but experts say users might reconsider using them in the event that they knew those ads are accessing the identical privileges because the apps themselves.
While it can be necessary for an application or perhaps an advertiser to have access to a smartphone's GPS location, it's obscure why advertisers need access to the user's phone number, call log, contacts, or a listing of alternative apps at the device, based on the researchers.
“Moreover,†the report detailed, “additional ones go a step further by employing an unsafe mechanism to directly fetch and run code from the web, which straight away results in serious security risks.â€
Five of the libraries identified had a feature that allowed them to load code at runtime, which may be particularly dangerous, in keeping with the study.
“These ad libraries are effectively impossible to statically analyze therefore; at a whim, their code may be changed. A malicious or compromised ad network could command its ad libraries to download a botnet payload or root exploit, as an instance,†the report stated.
One particular case that was found to fetch and cargo suspicious payloads was reported to Google throughout the process the study. The seven applications found to contain that library were removed from the Android Market. That action shows the seriousness of those privacy concerns.
“These results clearly show the desire for better regulating the way in which ad libraries are integrated in Android apps,†the report said.
Nessun commento:
Posta un commento
Comments links could be nofollow free