When it comes to free apps for Android smartphones, it’s downloader beware. According to new information from security firm Symantec, as well as other reports, free apps for Google’s Android platform deliver far more than they indicate.
Symantec recently noted on its official blog that some free Android apps employ an “aggressive” advertising approach that may not be understood by users of those apps. It cited one mobile ad company, Airpush, that uses free apps to place ads in the Android notification bar where users otherwise find alerts about missed messages or phone calls.
Hiding from Detectors
But, Symantec noted, the notification bar in the most common versions of the open source operating system does not show which app generated that ad or how to stop the ads. The security firm said that, in response to this situation, Google and Airpush have at least begun to link some of the ads directly to their apps. There has also been a trend among app publishers to better describe the ads delivered through their apps, so as to adequately inform a potential user before downloading.
However, Symantec said that some app developers have been modifying the Airpush referring string to hide their connection to that company’s ad network. The number of apps engaging in that deceptive practice is now increasing, Symantec said, and reaches into the thousands.
Symantec noted that its Norton Spot anti-ad spam product and similar offerings from competitors alert users as to which apps use Airpush or other ad platforms. But, Symantec reports, Airpush has started implementing a new method that hides their module in the apps from most ad network detector tools, although Symantec says Norton Spot is not affected.
The Symantec warning is only the latest about security, privacy and annoyance issues surrounding free Android apps. Earlier this month, for instance, Juniper Network’s Mobile Threat Center, which audited 1.7 million apps over 18 months in 2011 and 2012, reported that many free apps “collect information or require permissions unnecessary for the described functionality of the app.”
Juniper said that, while some Android apps use location data to provide personalized local ads, there were substantially more apps collecting that information than providing ads. The report did not determine what the non-ad-offering apps were doing with that location information.
The report also found that some free Android apps were secretly initiating calls in the background, accessing user address books, silently sending text messages, or accessing the device’s camera -- often without the user’s permission.