Monday, August 12, 2013

Android adware

Zscaler ThreatLab has a interesting report on adware in Android, and the discrepancy in detection rates between AV companies.
Google has plenty of incentive to allow apps with aggressive advertising practices. AV vendors on the other hand have no such incentive but are instead under pressure to show that they are adding value by identifying malicious/suspicious/unwanted content. As such, there is a big gap between Google and AV vendors when it comes to adware. Ultimately, end users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged.
Zscaler reference Lookout in creating a definition of unacceptable behaviour in adware:
  • Harvests excessive personally identifiable information
  • Performs unexpected actions in response to ad clicks without appropriate user consent (appropriate user consent entails providing a clear alert in the application that the user can accept or decline before any behavior takes place)
  • Collects IMEI numbers, UDIDs or MAC addresses
  • Initiating phone calls and SMS messages
  • Changing wallpaper and ringtones
  • Leaks location information
  • Leaks email addresses
  • Leaks personal information such as contacts, birthdays, calendar appointments, etc
At the moment, as the Zscaler report highlights, Google may be allowing apps that exhibit unacceptable behaviour on Google Play, but AV companies are not consistent in their definition of what constitutes unacceptable behaviour, and it is left to the user to make a decision about what to install.

In relevant other news, Google has acquired VirusTotal, which, coincidentally or not, is now available as an Android app, so the paranoid Android user may check to see if any AV company detects their apps as adware or other malware.

Hat tip: GOT2.ME

No comments:

Post a Comment