Researchers at North Carolina State University have found privacy and security holes in Android apps because of in-application advertisements. They study the popular Android platform and collect 100,000 apps from the official Android Market in March-May, 2011 and Then they identify the possible 52.1% apps using Advertisements and further developa system called AdRisk to systematically identify potentialrisks.
They explain that most of the ad libraries collect private information, some ofthem may be used for legitimate targeting purposes (i.e., the user’slocation) while others are hard to justify by invasively collectingthe information such as the user’s call logs, phone number, browserbookmarks, or even the list of installed apps on the phone.
The researchers wrote in a paper to be presented at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson on April 17th, [Read Here]
As one host app may contain more than one ad library, it seems more than one third of apps (or more precisely 35, 991) contain one ad library and a small fraction ofapps (around 3%) include at least five ad libraries for monetization.
Such threats range from collecting unnecessarily intrusive user information to allowing third-party code of unknown provenance to execute within the hosting app. Since Android’s permissions model cannot distinguish between actions performed by an ad library and those performed by its hosting app, the current Android system provides little indication of the existence of these threats within any given app, which necessitates a change in the way existingad libraries can be integrated into host apps.