December 20, 2013
Christmas shopping season is here! So… better watch out when downloading popular Christmas or New Year’s mobile apps because some of Santa’s elves may be naughty. Security researchers from VisualThreat, a leading mobile threat analytics company, discovered that over 50% of popular Christmas or New Year’s apps are Adware, while only 14% were safe and ad-free.
Previous studies from Lookout and Symantec showed that more than 20%-25% of apps from certain categories in the Google App store were adware. McAfee also warned that 33% of apps claimed more permissions than they actually needed, such as access to geo-locations or contact lists.
After collecting hundreds of popular apps from Christmas and New Year categories in the Google App store in early December, VisualThreat found adware percentage peaked at an all-time high of 51% due to Christmas mobile advertising. Admob is the most popular mobile advertisement platform. The reason for the high peak of adware matches the mobile marketing pattern of the Christmas and New Year holiday season.
Within adware there are six risk behavior types (data leakage, SMS activities, file operations, spying, networking activities and code execution) that are defined to discover hidden threats. Based on that, a comprehensive threat report was generated for each adware app by applying deep-analytic threat correlations. As shown in the following table, each adware has more than two risk behaviors, 7.54% has medium to high risk-level, and 11.53% has more than three unclaimed permissions. The top data-leakage contents are GPS location, contact information, network provider info, message queries, etc. For unclaimed permissions, 3 apps even claimed more than 15 unnecessary permissions! VisualThreat has informed Google about this concern, and is waiting for their response.
More restrictions for app uploading and auditing are expected for mobile app stores. Currently privacy leakage is the most serious issue among top-listed apps. Christmas and New Year’s is around the corner and consumers are downloading apps in order to share precious moments with friends and family members. It is holiday season month, but also security awareness month. Be joyful AND careful!
Here is an example report for one adware application: