Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to include this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.
More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.
Last week, we monitored three popular Android app stores – Google Play, Nduo and GFan – and found several adware apps available from these app providers. When installed, adware typically displays annoying advertisements.
The chart below shows the adware that were still available online from August 12-18. Based on our findings, GFan had the highest number of unique apps detected as adware. This is possibly due to its popularity in the Chinese market. Developers might have created these apps, which display multiple ads on an infected device, in an attempt to target more users and generate more profit.
We also found that the most common adware available on these websites are variants of ANDROIDOS_ADWIZP, ANDROIDOS_AIRPUSH, ANDROIDOS_ADSWO, ANDROIDOS_LEADBOLT, and ANDROIDOS_TOUCHNET. Except for TOUCHNET, all the adware mentioned have been detected previously.
Once installed, TOUCHNET not only shows ads but also displays ads in notifications. It does not show which particular app displays the ad. The latter is possibly a technique to prevent users from determining which app to remove.
Trend Micro protects Android mobile users from this threat via Trend Micro Mobile Security Personal Edition, which detects malware disguised as apps. To learn more about how to protect your Android devices from being infected, you may refer to the following Digital Life e-guides: