Adware is the most common app-based mobile threat around the world. Mobile ads act as an important part of today's mobile ecosystem by allowing app developers to offer free apps, but some ads contain adware that can put your privacy at risk by capturing personal information without your permission. Although most ads are safe, Lookout estimates that more than one million American Android users downloaded adware in the past year. In fact, 6.5 percent of free apps in Google Play contain adware.
Having a good user experience and keeping privacy protected on mobile devices is important – people need to trust and be comfortable on smartphones and tablets to use them, after all. Questionable advertising practices among mobile developers can threaten user privacy, however, by taking personal information like email, location, and your contact list or modifying phone settings and desktops without notifying users properly. While most mobile ads respect user privacy, the growing industry needs to protect users to ensure excellent user experience in apps downloaded from Google Play. We’ve been working on defining what adware means and flagging suspicious ad networks in Lookout Mobile Security. We’re also sharing our classifications of adware as guide to help the industry.
Mobile ad standards have been blurry up to this point largely because there haven’t been clear guidelines defined for the industry. We think that defining what it means to be adware is an important step in creating a positive mobile user experience. It doesn’t address the root of the problem to simply label aggressive ad networks as adware, however, so that is not what we want to do.
We define adware as an ad network that does at least one of the following intrusive behaviors without getting appropriate user consent:
- Advertising is displayed beyond the normal app experience
- Retains out of the ordinary personally identifiable information
- Performs unexpected actions when a user clicks on an ad; appropriate user consent means providing a clear alert within the app that allows the user to either accept or decline prior to any behavior taking place
We have identified mobile ad companies that met our adware criteria and, starting in May 2013, we have asked these companies to change their practices. We set a 45-day deadline in order to give these companies a reasonable amount of time to respond and improve their operations before we identify them in our app as adware. As of June 18, 2013, LeadBolt, Moolah Media, RevMob, sellAring and SendDroid meet our adware criteria by practicing one or more of the behaviors identified above without getting user consent.
Now that Lookout Mobile Security for Android flags adware, mobile users will be better equipped to make well-informed decisions about the apps they choose to have installed on their devices.