Many mobile apps include ads that can threaten users' privacy and network security, according to North Carolina State University researchers.
The National Science Foundation-funded researchers studied 100,000 apps in Google Play (formerly Android Market) and found that more than half contained ad libraries, nearly 300 of which were enabled to grab code from remote servers that could give malware and hackers a way into your smartphone or tablet.
"Running code downloaded from the internet is problematic because the code could be anything," says Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper titled "Unsafe Exposure Analysis of Mobile In-App Advertisements." "For example, it could potentially launch a 'root exploit' attack to take control of your phone -- as demonstrated in a recently discovered piece of Android malware called RootSmart."
Apps that feature ad libraries are attractive in that they enable developers to provide apps for free, but the ad delivery process can open up users to privacy and security risks, according to Jiang, whose mobile- and Android-focused research we've covered in the past (See "Researchers use Woodpecker to single out vulnerable Android phones"). One problem with ad libraries, which are served up via Google, Apple or other such companies, is that app users essentially give them the same access permissions as the apps themselves, allowing them to skirt standard security processes.
It turns out that about half the ad libraries could track a user's location via GPS, and 1 in 23.4 apps used ad libraries that let advertisers themselves access a user's location via GPS.
Jiang says that even though it is convenient to house the ad libraries in mobile apps, a way to isolate the libraries needs to be created in order to improve security and privacy.