"Many apps will ask you to grant them network access so they can download updates. Others seek permission to read your phone's state and identity so calls won't disrupt them from doing what they're doing. Unfortunately, these permissions can be abused for criminal intentions." Trendmicro said in report.
Before android applications was abusing permissions to access user's personal data, but now new generations of adware targeting Android smartphones are increasingly violating user privacy by grabbing personal information and using it without permission.
Adware is software that is used to gather information about the users. This information is sent to advertising agencies who are the people who planted the adware in the first place. Adware displays an advertisement in the form of pop ups or text messages. When you click on the advertisement, you will be redirected to a browser that will open the link to the advertisers' site. When you visit the site, your data will be logged into the advertisers' server. We have no way of ensuring that adware is within its legal limitations while collecting data about you. The procedure is very simple.
Although most adware is designed to collect some user information, the line between legitimate data gathering and violating privacy is starting to blur. The process becomes a privacy issue when app developers take more information than they originally asked for and then sell it to ad networks.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
Here is a list of the data leaked from the Android device and sent to the servers of the company behind this module:
- The device's IP address on all interfaces (i.e., both WiFi and mobile network)
- The device's ANDROID_ID (unique 64-bit identifier for the device)
- The Android OS version
- The user's location, as determined by GPS
- The user's mobile network and their country code
- The user's phone number
- The device's unique ID (their IMEI, MEID, or ESN)
- The device's manufacturer and version
Based on information from MARS and Google Play, at least 7,000 free apps use this particular advertising module. 80% of them are still available, and at least 10% of them have been downloaded more than one million times.
In addition to taking the user's personal information, these ads also display advertising in particularly annoying ways. Either notifications or an icon on the device's home screen are used to serve ads to users. Users should be careful about all mobile apps they download, wherever they come from.