Tips and Tricks

The ABC of Cybersecurity – Android Threats: A is for Adware

Advertising-supported software has become a billion dollar business in which developers offering free software can generate some revenue that would allow them to either continue development or recover some development costs. Usually bundled with other software packages, adware is common in most of today’s free software, allowing for personalized ads based on user tracking.

Android is no stranger to adware, especially since most applications are free. Consequently, Android app developers often bundle adware frameworks within their free apps, without fully understanding just how much personal user data those frameworks track.

While not malicious per se, adware can be quite a nuisance, especially when browser traffic is constantly redirected, popups and nag screens block legitimate webpages, and applications start pestering you with notifications about installing other apps.

What’s Tracked and Who Gets Access to the Info

Bundling Android apps with adware is a borderline legitimate practice that is usually all written down in the Terms and Conditions of all apps. However, no one actually bothers reading dozens of pages of text even though they do explain what exactly you will be tracked for and who might receive that data.

All your browsing history, web searches, and even applications used are usually tracked by adware frameworks. This information is mostly used to build a virtual behavioral profile of each individual user in an attempt to understand his shopping behavior, interests, and overall phone usage patterns for marketers to understand how to build their marketing campaigns.

Although that information doesn’t contain personally identifiable information, such as name or IP address, it can be used to establish a pretty comprehensive behavioral profile for each user. This information is sometimes distributed among more than one marketer, which is why users end up bombarded with “personalized” offers via email or website ads to products and services that are sometimes completely unrelated.

Why do Developers Bundle Adware?

Just because you can download an Android application for free and use all its features does not mean you’re not paying for it; in this case you pay by allowing it to track your every activity. Adware frameworks, also known as adware SDKs, are usually pieces of code that developers simply copy-paste within their apps with the promise that they’ll be rewarded with some revenue based on how many users click on in-app adverts.

It’s not uncommon for developers to be oblivious to exactly how much information is collected through those adware frameworks, how intrusive they can be, or just what types of ads can be served through those banners.

Adware is Not Always Benign

While most adverts can nag, cybercriminals can sometimes use ads to trick users into visiting malware-serving or fraudulent websites. Because Android developers have no control over who actually serves the ad within their application, the adware company responsible for that can sometimes be tricked by cybercriminals into displaying malicious websites.

The technique is commonly referred to as “malvertising.” It involves the manipulation of legitimate adware services to lure victims to websites controlled by cybercriminals. While these campaigns are usually spotted in a matter of hours or days, they can inflict significant damage.

Staying Safe from Adware

There are quite a few tricks for steering clear of adware-bundled apps. For one, installing an Android mobile security solution is one of the most effective methods to identify both malicious applications and adware-infested apps. Although it’s tricky to figure out which apps have benign adware, security companies constantly assess and evaluate the security status of all applications, keeping you safe and informed of the security status of all installed apps.

It’s also important to review the type of permissions apps request before installing them, as this is usually a good indication of much tracking they’re capable of performing.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.