Everyone loves something for free! And when it comes to smartphones and tablet users, apparently even not-free needs to be really, really cheap. However, we all know that when something is free or cheap there is usually a catch.
Developers of apps, for the most part, are not doing it for fun. It is a business and as such they need to make money. There are many ways to try and make money in the mobile app business:
- Selling your app for an upfront price
- Selling a subscription to the content that is displayed on your app
- Offering some bits free but charging for access to a premium set of features
- Charging for “consumables” in your app like weapons or clothing for your in-game character
These are just some of the ways that developers choose to feed themselves. Another way is through selling advertising space in your app, just like you would on your website. To do this, app developers sign up to an advertising network that automatically sends ads to the app to display while it is in use. Developers get a fee based on the different actions the user may take.
How Much Info Are You Willing to Share…
This may sound harmless, a bit annoying if an ad keeps popping up while you’re playing Angry Birds, but harmless. However, the question is what level of information are you willing to share about yourself in order to have that free app experience?
Have you ever been using an app and had an ad appear that seems far too relevant to you? I use a Samsung Nexus S and I often get ads that tell me my Nexus S could do something “magical” if I downloaded a new app. Or, I get offers for switching from my current carrier to one of the main competitors.
Currently, there’s a debate raging in the mobile security space. It started when another security firm, made the claim that they had uncovered the largest mobile botnet ever seen. They also claimed that millions of devices had been infected. Then it was revealed that the “infection” was actually a piece of software code used by an advertising network. This code called an “SDK” (software development kit) collects the following information and sends them back to the ad network:
- A code specific to your device(IMEI)
- Details about the device you are using, including brand and model
- The operating system and version
- Where you are located
It can also create bookmarks on your device, change your browser homepage and send you notifications. Other ad networks also collect details about the network you connect to and whether you are connected via WiFi.
The debate centers around whether apps with code inserted from an ad network are actually “malicious” as they collect so much information, and in this case can actually remotely make changes to your device without your knowledge or direct consent. Or, are these a legitimate form of advertising and monetization of a developer’s time and effort?
The opinion of our Trend Micro threat researchers is discussed here: http://blog.trendmicro.com/search-monetization-as-a-new-threat-to-the-mobile-platform/
Information is Money
When you think about it, the bigger ad networks with many apps in their stable can actually build a pretty good profile of the devices using their apps. Not only can they collect the information listed above, but they can tell what type of apps you install, what time of day you typically use apps, and even which types of apps you use when.
From all this data they can probably get a pretty good picture of age and gender of the user. And depending on the individual’s response to advertising campaigns, they may even be able to collect more direct personal information.
So, in an age where information is money, and personal privacy is valued higher than many other things – what allowances are you willing to make in order to play a free game on your phone?
I would love to hear from you about what you are willing to share to save a buck.
I work for Trend Micro and opinions expressed here are my own.