magnify
Home Software User privacy plunges as Android aggressive adware and malware rise
formats

User privacy plunges as Android aggressive adware and malware rise

Sydney/Auckland – 2 April, 2013 – With adware gleaning more user data from people devices than they would normally need to and developers bundle more than one adware framework into their apps, user privacy is increasingly taking a backseat to profit for developers and advertisers. More and more unknown third parties now have access to user browsing history, phone numbers, email address and everything they need to compile comprehensive and personalised user profiles.

User privacy is taking a serious blow as adware targeting Android devices jumped 61 percent worldwide in the five months through January, while malware expanded 27 percent and adware in the US expanded 35 percent, according to a study by Bitdefender Labs. The number of Trojan reports spiked 37 percent in December 2012.

Android malware and adware are not uncommon to both third party marketplaces and the official Google Play store. While Android adoption increased steadily in the past five months, so has the number of malware and adware detections.

The steepest climb for adware was reported from November to December, reaching a 34 percent increase in a month. Taking advantage of the holiday season, some developers thought to seize the moment to generate extra cash, betting hard that users don’t know how adware behaves.

Trojans saw a slow but steady increase although September to January, only to drop a couple of percentage points in February.

With adware become more intrusive and more bent on collecting as much sensitive information as possible, the line between legitimate software and actual malware is more blurry than ever. Virulent adware seems to increasingly violate user privacy by collecting personal information and using it without users’ knowledge.

While adware is not inherently malicious, it can collect phone numbers, contacts, and email addresses that are broadcasted to third-party services or sold to the highest bidder. The underground market greatly values such data as it can be used by marketers to profile users.

Since most users turn personal devices into work devices, it makes sense that access to restricted and sensitive files is often permitted. As such, it’s not only an issue of having personal data compromised, but also a company privacy matter. Strict BYOD policies should cover malware and virulent adware as well, because both have a direct impact on privacy.

The evolution of Android adware and malware was somewhat different in the US, but it spiked during the holiday season. In November and December 2012, adware spiked, with a 32 percent increase, and malware spiked 33 percent from the previous month.

The ranking Trojan family has been reported as FakeInst, which scams users by asking them to pay for apps that would otherwise be free. If users agree, it sends SMS messages to premium-rated numbers, racking up their phone bills.

In terms of aggressive adware, the Android Adware Plankton family is the most prevalent, as developers use the framework to monetise their work. Adware can also collect personal information such as email addresses and phone numbers. The more adware frameworks bundled with an app, the more intrusive it gets as it broadcasts your data to several third parties.

The ascending trend in both detections indicates that apps bundled with malware and aggressive adware are both reaching for money and for ways to make money by selling your private data. Money is the incentive behind the development of both categories.