Adware: Interrupting you while compromising your privacy

Week4_Infographic_FINAL_600px

In this 4-part series you’ll learn why mobile security matters. We’ll explain common threats, debunk myths, and give you the tools to protect your phone and data — all while speaking a language you still understand. This is part three. Stay tuned for next week’s chapter on root enablers.

We love our smartphones. In the midst of our chaotic, busy lives, they afford us convenience. Instead of making a 10-minute detour to the bank on your morning commute, you open a banking app and deposit your check online. Missed the bus to work? No problem! Use an app and before you know it, a ride is outside your door.

It’s annoying, then when an app serves up aggressive, obtrusive advertisements that interrupt our phone usage — sometimes when the app isn’t even open. It’s even more concerning when that app starts taking information from you, like your contacts, location, or phone’s unique identifier (IMEI).

Adware is guilty of exactly this.

What is adware?

Unlike benign, legitimate ads, adware hinders your user experience and puts your privacy at risk. Once on your phone, adware serves up, well, ads. These ads are often pop-up style that can take over the full screen and interrupt your experience of the phone. Image enjoying an article or writing an important email, only to be interrupted by ads to download games, gamble, or buy some annoying product.

In addition to being a nuisance, some adware collect excessive personal information from your phone including your IMEI, contact lists, and location, often without explicit consent. Is it being sold to identity thieves? Has your contact list become the target of a spam campaign? Once your information has been taken, you don’t know where it’s being sent or if it’s being protected, which is a big problem.

Not all ads are bad

Although we’ve become accustomed to turning up our noses to ads, the truth is that they fuel the app ecosystem. Mobile ad spend is predicted to reach $100 billion in 2016, accounting for more than 50 percent of digital ad expenditure, according to eMarketer.

Ads allow app developers to monetize their hard work, and in return, make it possible for you to download millions of free apps. While the large majority of ads fall within legal boundaries, the problem comes into play when the bad guys abuse this relationship.

How do you identify a good ad from a malicious one?

In 2013, adware reached its pinnacle, becoming more present than ever before. Apps riddled with adware made regular appearances in official app marketplaces, like Google Play, and its reach was global.  

In response to the growing threat, Lookout developed a set of advertising guidelines to help direct the industry in its classification of adware, recommending that offending ad networks be flagged as hostile to the user.

There are a variety of behaviors that escalate an annoying ad to an intrusive one. Similar to  spyware, adware operates in a “grey zone,” becoming malicious in the way it’s used. Ad networks fall out of the “grey zone” and become adware once they perform one of the following actions without gaining your consent:

  1. Harvest personally identifiable information. Certain apps require some of your personal information to function properly. For example, Google Maps needs your location to help you get where you’re going. On the other hand, you may wonder why an app like T-Rex Puzzle is accessing your location and a handful of other personal data. Some apps and ad networks abuse this relationship and collect excessive amounts of information that is not needed for the app to perform as stated without explicitly gaining your permission. Legitimate ad networks use this data to deliver you more targeted ads. However, you must be clearly notified and actionably consent to the collection of your data under any circumstance.
  1. Displaying ads outside of an app on your phone. There are multiple ways advertisers deliver ads on your phone. Advertisements appear quite frequently within apps and you think nothing of it. However, when an ad is served outside the context of an individual app, in the form of a push notification for example, you should know where that ad came from.
  1. Modifying your phone’s settings. Once on your phone, certain types of adware elect to place new icons or shortcuts on your mobile desktop to better serve you ads. In some advanced cases, adware has been known to hide the app icon in order to become more challenging to detect. In other words, how can you remove adware from your phone if it visually doesn’t exist?
How adware is changing today

In September 2013, Google updated the Play Store terms and conditions, culling around 36,000 apps containing ad networks which broke the rules. Since then, we’ve seen instances of adware decline, but its sophistication has only increased.

Most recently, we observed a new trend in which adware becomes trojanized, meaning it masquerades as legitimate and popular apps. In this instance, over 20,000 samples of adware were caught impersonating top apps such as Candy Crush, Facebook, Snapchat, Twitter, and many more. With intentions of fooling you into downloading a fake version of the app, malware authors inserted malicious code into the real app and made it readily available in third-party app stores.

Once installed, these malicious apps gain root access to your phone without you knowing and install themselves as system applications. This makes removal extremely difficult, most often forcing you to purchase a new phone to obtain normal use again. Although adware continues to evolve and take new shape, the threat to your privacy remains constant.

Keeping your privacy + defending against adware

Adware can be avoided with a few steps:

Pay attention to app reviews and ratings. Far too often, people bypass app reviews and head straight for the download button. App reviews and ratings can actually give you some great information about what you’re downloading. If an app is riddled with adware, many time people will leave comments that say things like, “Really annoying! Too many ads!” Go back a few pages in the reviews, just in case some of the bad ones have been “buried.”

Know the developer. You can also do a little research on the developer and make sure they’re reputable. What other apps has she built and what kinds of ratings do they have? If you don’t know or trust a developer, and you think the reviews are questionable, it’s probably best to not download that app.

Familiarize yourself with app permissions. Think of permissions as the information or capabilities a given app has access to. For example, before you install an app, you are prompted with a list of permissions the app would like to use. It could be your location, contact list, photos, phone number, the list goes on.

This is why it’s important to pay attention to during the app download and setup process. If you feel that an app’s use of your information is questionable, it may save you from downloading a threat like adware.

To manage app permissions on your phone:

  • Android: Settings > Apps > Select from apps > Permissions
  • iPhone: Settings > Select an apps > View what you “allow “X app” to access

Activate a mobile security app, like Lookout. It can check the apps you’re downloading and alerts you if they’re actually a threat. Lookout’s Privacy Advisor makes you aware of all the permissions the apps on your phone access, as well. If you’re unaware or uncomfortable with any of your information being used, you can take action directly from the app and choose to uninstall.

Screen Shot 2016-06-02 at 10.47.21 AMScreen Shot 2016-06-02 at 10.47.33 AM