Wednesday, February 16, 2011

Android's Biggest Threat: Adware?


Angry Birds free
For the price of “free,” most of us are willing to put up with a few ads in our apps. But as we saw in the PC world, the free-for-all mobile ad industry is evolving to do much more than serve annoying banner ads. 
According to mobile security firm Lookout Mobile, about five percent of Android apps contain what it calls an “aggressive ad network”—an intrusive mobile ad network that toes the line between legitimate software and actual malware. Behaviors of these networks include collecting excessive amounts of data, installing bookmarks in your browser without your knowledge, and spamming your Notifications Bar. 
Even if you’re willing to put up with the spam and extra icons, aggressive mobile ad networks will take a toll on your device as well. Mobile ads and push notifications significantly drain your battery life; a recent study from Microsoft said using a free, ad-monetized app can account for up to 75 percent of battery drain.
Furthermore, as we’ve seen from PC-based adware, mobile adware can easily morph into spyware, which is outright malicious. Spyware is an additional program that gets installed alongside adware, unbeknownst to you, and collects and transmits data without permission.

Aggressive Ad Networks Lead to “Sketchy” Apps

An oft-cited example of an aggressive ad network is Apperhand. Back in January, Apperhand was spotted in dozens of free apps and was so aggressive that Symantec initially classified it as malware (but later retracted).
It was an easy mistake to make. The Apperhand SDK contained code that added search icons to your desktop, added bookmarks without your knowledge, and pushed out ads through your Notifications Bar. Less noticeably, Apperhand also re-routed searches conducted within a mobile browser to another search engine, one that paid Apperhand for each search. Sketchy stuff.
Aggressive ad networks are careless about data privacy too, and many have obscure privacy policies or none at all. Apple has seen its fair share of privacy-related lawsuits due to "leaky" apps. Just last month a California judge allowed most of these lawsuits to proceed, all of them brought by individuals who used apps that were secretly harvesting, and selling, excessive amounts of data from their iDevices.
Complicating matters for the end user is the fact that Google doesn’t weed out aggressive ad networks—after all, it runs one of the biggest mobile ad networks, AdMob (an exemplary ad network, according to Lookout). But when Symantec contacted Google about Apperhand, it was told that the app abided by its Terms of Service. Meanwhile Apple's App Store has just begun rejecting apps that appear to collect too much data. 

Lookout Develops Framework for 'Adware' Definition

Unfortunately, most aggressive mobile ad networks pay developers pretty handsomely compared to the more responsible networks. For instance, Airpush, which has gotten plenty of developers into trouble for spewing Notification Bar spam, claims to pay 10-30 times more than Google’s AdMob. If you’re an indie app developer trying to make any sort of profit from a free app, that's a very tempting payout.
So how can an app developer decide? Working with consumer protection agencies, developers, and ad networks, Lookout has drawn up the "Mobile App Ad Guidelines," a set of criteria to help developers choose a responsible ad network that's less likely to hinder the user experience. After all, if a user deletes an app, the developer stops making money, plain and simple. 
In a nutshell, these recommendations include transparency, enabling user control, reasonable limits on data collection, and secure data transfer. The entire report is 10 pages long.
According to Kevin Mahaffey, CTO and co-founder of the mobile security firm, Lookout warned offending networks that their code could one day be classified as malware. Some networks turned around; Mahaffey called Israeli ad network StartApp (bundled in indie apps like Tic Tank Toe and Bubbles Touch) a "redemption story." Others ignored the calls: Leadbolt, mOcean, Moolah Media, and Appenda, to name a few.
The fact is that until mobile ad networks have a strong incentive to behave, they probably won't.

Why You Can Still Be Optimistic

This Thursday, the White House is kicking off its first Privacy Bill of Rights roundtable with mobile apps. During this session all sorts of stakeholders, from advertisers to developers, will discuss ways they can "reach consensus on a code of conduct" for how apps handle privacy issues.
I'm optimistic because unlike the decade-long controversy over PC-based adware, mobile adware hasn't been overpoliticized yet. The space is young, the lobbyists haven't lined up, and users are more vocal and better informed about their privacy rights than ever before.
For now, there are several apps that'll scan and identify the mobile ad networks within your existing apps. My tried and true ones include the Lookout Ad Network Detector and TrustGo Antivirus and Mobile Security.