This is a potential problem highlighted in a new FTC report: Mobile Apps for Kids: Current Privacy Disclosures are Disappointing. The main problem is that app stores do not appear to require developers to disclose in-app advertising in their promotional pages. While some developers attempt to explain the advertising process, it is difficult for parents to be sure what data is collected, where it is sent, and what use is made of it.
“The existence of advertising within an app may be significant to parents for several reasons,” says the report. Firstly, parents may wish to limit the data collected from their children; secondly, parents may wish to limit children’s exposure to certain ads; and thirdly, the ads themselves might offer phone numbers that parents would prefer their children not to use. The FTC report concludes that app developers and the app stores “must do more to ensure that parents have access to clear, concise and timely information about the apps they download for their children.” It hopes “that this report will spur greater transparency and meaningful disclosure about the data collection practices in apps for children.”
In reality, the problem is worse than the report suggests and not likely to be solved by hopes and wishes. A few weeks ago Symantec caused a furore by defining an aggressive advertising add-on as a virus (Counterclank). Symantec said that the add-on behaved like a virus, while Google said it obeyed its terms of service. Add to this the potential for malvertising (apparently innocuous advertisements actually diverting the user to a malicious website) and the problem can be seen in its real context: large and worsening.
It is an issue that has been monitored for some time by Lookout Labs, a San Francisco based mobile security company. It has released its own app to help counter the problem: Ad Network Detector. Its function is to analyze installed apps and look for connections to certain ad networks. Currently it detects 35 mainstream ad networks and gives the user information about those networks. “With easy access to this information, you’ll be able to decide whether you want to keep the app that has certain ad networks on your phone,” says Lookout.
It’s an ongoing project. “It is in no way a complete capture of all of the ad networks out there,” Derek Halliday, Lookout’s senior security product manager told Infosecurity. “We’re continuing to investigate the mobile ecosystem, as it's ever-changing and rapidly growing, and as we discover new ad networks that are important for people to know about, we plan to add them to the detection scope.”