Reports are circulating that more than 7,000 free Android apps available through the Google Play store come embedded with an advertising module which is actively harvesting usage and personal details.
The initial discovery was made by Trend Micro senior researcher Alice Decker when she inadvertently downloaded one such app, a fake Flash Player from Google’s official Android market, and received a warning about its malicious nature from her company’s own security app.
It was only after consultations with a colleague that the full extent of the issue was uncovered. Apart from pushing ads, the built-in adware module also transmits user information to the module creators’ servers, such as phone number, location, account details, calendar and browser bookmarks, IP address and device ID.
Ms. Decker has detailed her findings in a TrendLabs blog post, including the following dire warning:
Downloading malware is one of my former hobbies; however it never occurred to me that I would get it unexpectedly and without warning from an official and safe source such as Google Play.
Ms. Decker goes on to say that of the [at least] 7,000 apps which include this advertising module, 80% are still available, and at least 10% have been downloaded more than one million times.
Naturally enough, Trend Micro considers this a ‘dangerous’ module and treats it accordingly:
Because of the huge amount of information leaked from the mobile device, Trend Micro considers it to be a dangerous module, as it compromises both privacy and the device usability. Because of this, many apps in Google Play – which include the full features of the advertising module – are considered by Trend Micro as aggressive adware.
And finally, this sound advice:
Users should be careful about all mobile apps they download, wherever they come from. This is particularly true for “free” apps, where in effect your information becomes payment for the app. For some people, this may be a worthwhile tradeoff – but this is something every user should decide for themselves, with a full appreciation of what is given up in return for something “free”.
Ain’t it the truth! In the modern world of the internet, something for nothing is fast becoming a fallacious concept; there is generally a trade-off of some kind involved.