If you are using a wireless device running on the Android operating system and you open an “app” that includes mobile ads, watch out – you may be at risk.
Researchers at NC State say the inclusion of ads in mobile applications found at Google Play’s Android market opened up users’ devices to malicious code. Google Play is the new name for the Google Android marketplace.
A study found that nearly half of 100,000 apps included “ad libraries.” And of those 297 included what NCSU called “aggressive ad libraries” which were “enabled to download and run code from remote servers,” thus triggering privacy and security concerns.
Nearly 50,000 apps tracked a user’s location by GPS, and of those more than 4,000 allowed advertisers to access the GPS data.
“Running code downloaded from the Internet is problematic because the code could be anything,” says Dr. Xuxian Jiang, an assistant professor of computer science at NCSU who is co-author of the report. “For example, it could potentially launch a ‘root exploit’ attack to take control of your phone – as demonstrated in a recently discovered piece of Android malware called RootSmart.”
The report is not the first from Jiang raising security concerns about mobile devices.
Last November, Jiang said that features incorporated into the phones to make them more user friendly also increase their vulnerability. Android-equipped smartphones are the world’s most popular. (Read details here.)
Last April, the Jiang team unveiled software that helps Android smartphone users prevent their personal information from being stolen by hackers. (Read more here.)
The apps like to ads that when run on the device trigger a payment to the advertiser.
“This poses potential problems because the ad libraries receive the same permissions that the user granted to the app itself when it was installed – regardless of whether the user was aware he or she was granting permissions to the ad library,” NCSU says.
Apps also enabled access to user call logs, phone numbers and lists of apps stored on the phones.
Hackers could use the ad libraries to avoid Android security measures, Jiang said.
“To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don’t have the same permissions,” Jiang explained. “The current model of directly embedding ad libraries in mobile apps does make it convenient for app developers, but also fundamentally introduces privacy and security risks. The best solution would be for Google, Apple and other mobile platform providers to take the lead in providing effective ad-isolation mechanisms.”
Read the study here.
Get the latest news alerts: Follow WRAL Tech Wire at Twitter.