“We have found around 1,845 applications which are flagged by one or more AV vendors as including adware,” said Viral Gandhi, security researcher at Zscaler ThreatLabZ, in a blog. “This is a big number. Most of the applications were flagged by AV vendors due to their excessive inclusion of ads and deceptive practices for delivering them, including altering device settings.”
Gandhi said that Google is willingly enabling the proliferation. For example, many anti-virus vendors flag the Airpush API as adware. Despite this fact, there are many apps within the Google Play store that include it.
“This illustrates the conflicting interests that Google and the AV vendors have,” he said. “It is in the best interests of Google to appease advertising companies. Google wants to encourage developers to expand offerings in their app store and developers often profit from free apps through advertising. Paid apps may also include advertising, in which case, Google takes a direct cut from the app proceeds. Therefore, Google has plenty of incentive to allow apps with aggressive advertising practices.”
AV vendors, on the other hand, have no such incentive but are instead under pressure to show they are adding value by identifying malicious, suspicious and/or unwanted content. As such, there is a big gap between Google and AV vendors when it comes to adware.
“Ultimately, end-users are stuck in the middle as they are left to decide if they will keep or delete the apps being flagged,” Gandhi said.
Other adware commonly flagged by AV vendors includes Leadbolt, Airmob, and Plankton.
“The excessive use of advertisements can negatively impact customer privacy and result in a negative user experience,” Gandhi noted. “On the other hand, advertisements are necessary for app developers looking to earn money when providing free apps.”
However, there are some guidelines that developers should look to when building ad engines into software. Any API for software that harvests excessive personally identifiable information, performs unexpected actions in response to ad clicks without appropriate user consent, collects IMEI numbers, UDIDs or MAC addresses, initiates phone calls and SMS messages without consent or leaks any type of personal information should be avoided.
“Hopefully Google and the AV vendors can reach a compromise in this ongoing adware battle as at present, end users are paying the price,” Gandhi concluded.