Saturday, March 24, 2012
Privacy and security implications," North Carolina State University
The inclusion of advertisment in mobile applications or Mobile application is fraught you’re your privacy or security risks, so beware, says a new study. These Mobile application developers incorporate "in- application advertisment libraries," which are provided by Google inc, Apple Company or other third-parties, for revenue generation. These libraries retrieve ads from remote servers and run the ads on a user's smart mobile phone periodically. Every time an ad runs, the app developer receives a payment. Significantly, researchers found more than half of the 100,000 of the apps contained so-called ad libraries. And 297 of the apps included aggressive Mobile advertisment libraries that were enabled to download and run code from remote servers - which raises significant your mobile privacy and security concerns. "On mobile Running code downloaded from the Internet is problematic because the code could be anything," says MRXuxian Jiang, assistant professor of computer science at North Carolina State University and study co-author. "For example, it could potentially launch a 'root exploit' attack to take control of your smart mobile phone - as demonstrated in a recently discovered piece of Android malware called RootSmart."
In Google Play (formerly known as the Android Market) and other markets, many developers offer free mobile application, according to a North Carolina State University statement. Jiang's team looked at a sample of 100,000 applications available on Google Play between March and May 2011 and examined the 100 representative ad libraries used by those smart mobiles application. One significant find was that 297 of the apps (one out of every 337 apps) used ad libraries "that made use of an unsafe mechanism to fetch and run code from the Internet/server - a behavior that is not necessary for their mission, yet has troubling yourprivacy and security implications," North Carolina State University MR. Xuxian Jiang says. MR. Xuxian Jiang team found that 48,139 of the application had ad libraries that track a user's location via GPS system, presumably to allow an ad library to better target advertisment to the mobile user. These ad libraries pose security risks because they offer a way for 3rd parties - including hackers - to bypass existing Android security efforts. Specifically, the mobile advertisment itself may be harmless, so it won't trigger any mobile security concerns. But the Mobile application ad library may download harmful or invasive code after installation on mobile phone. These findings will be presented on April 17 2012 at the Vth “A C M” Conference on Security and Privacy in Wireless and Mobile Networks in Tucson Arizona, United States.
Source: Silicon India