Of the 100,000 apps, 297 contained ad code that allowed the phone to run code downloaded from the Internet, providing a potential path for malicious software to get inside the device. "If your app has permission to access personal information, the ad library also has permission to access your information," Jiang Spokesperson . The North Carolina United States research is only the latest evidence of gaping security and privacy holes in smart mobile phones. In April of last year, iPhones and Google Android devices were found to track users' locations automatically. Then, in December, these and other smart-phone devices were found to carry diagnostic software that also tracks a wide range of user information. More recently, it was discovered that both iPhones and Google Android devices share users' address books and other information with apps. And instances of mobile malware have been rising.
The new findings point to a flaw in the business model behind apps, Jiang Spokesperson. Developers rely on revenue from ad libraries to support free apps, but they have no control over what those libraries do. "The current model of embedding ad libraries in mobile applicationfor monetization purposes poses security and privacy risks. These ad libraries will essentially have the same set of permissions granted to the applicationthat enclose them. And certain ad libraries may abuse them for other unwanted purposes." Mobile device makers should provide ways to isolate the two, Jiang Spokesperson , so that the ads run separately from the host apps—and require separate explicit permissions. "There are fundamental concerns in the way mobile applicationare being monetized," he adds. Adding insult to injury, other research has recently found that ads associated with free Google Android applicationare also battery-drainers. Abhinav Pathak, a computer scientist at Purdue University, and colleagues at Microsoft Research found that as much as three-quarters of the juice used by such applicationis spent to serve ads and transmit user data back to advertisers.
Source: Massachusetts Institute of Technology