The Hacker News Logo
Subscribe to Newsletter

Android Adware abusing permissions, Collecting more than they need

So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part downloading the right apps to boost its functionality. Android gives you the freedom to personalize your device, which has made it attractive to those who want their smartphones to be as unique as possible

"Many apps will ask you to grant them network access so they can download updates. Others seek permission to read your phone’s state and identity so calls won't disrupt them from doing what they're doing. Unfortunately, these permissions can be abused for criminal intentions." Trendmicro said in report.

Before android applications was abusing permissions to access user's personal data, but now new generations of adware targeting Android smartphones are increasingly violating user privacy by grabbing personal information and using it without permission.

Adware is software that is used to gather information about the users. This information is sent to advertising agencies who are the people who planted the adware in the first place. Adware displays an advertisement in the form of pop ups or text messages. When you click on the advertisement, you will be redirected to a browser that will open the link to the advertisers’ site. When you visit the site, your data will be logged into the advertisers’ server. We have no way of ensuring that adware is within its legal limitations while collecting data about you. The procedure is very simple. 

Although most adware is designed to collect some user information, the line between legitimate data gathering and violating privacy is starting to blur.  The process becomes a privacy issue when app developers take more information than they originally asked for and then sell it to ad networks.
Here is a list of the data leaked from the Android device and sent to the servers of the company behind this module:
  • The device’s IP address on all interfaces (i.e., both WiFi and mobile network)
  • The device’s ANDROID_ID (unique 64-bit identifier for the device)
  • The Android OS version
  • The user’s location, as determined by GPS
  • The user’s mobile network and their country code
  • The user’s phone number
  • The device’s unique ID (their IMEI, MEID, or ESN)
  • The device’s manufacturer and version
Based on information from MARS and Google Play, at least 7,000 free apps use this particular advertising module. 80% of them are still available, and at least 10% of them have been downloaded more than one million times.

In addition to taking the user’s personal information, these ads also display advertising in particularly annoying ways. Either notifications or an icon on the device’s home screen are used to serve ads to users. Users should be careful about all mobile apps they download, wherever they come from.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.