Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.
More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.
We uncovered four Android mobile apps on Google Play and certain third-party app stores, which when installed, gain access to specific device information that can be used without users’ consent and may lead to data leakage. One of these apps was already removed from Google Play but remain available on third-party ones. These apps are crafted to take advantage of the upcoming 2012 US Presidential Election and its two candidates, Mitt Romney and Barack Obama. Users can download these apps for free.
The first app called “Obama vs Romney”, an ANDROIDOS_AIRPUSH variant found to connect to airpush.com, a mobile ad network site. The app’s description page also indicates that it may contain ad notifications. We found that this app has more than 300 downloads from third party stores and an estimated 500-1000 downloads from Google Play so far.
This app was designed as a polling service in which users can choose between the two candidates. It is supposed to display an overall result of the poll immediately. However, during our testing, it ends up showing the message “you probably want to start clicking as soon as possible”. This particular app also displays potentially annoying ads served from airpush.com that are displayed outside of the app itself.
It also contains ACCESS_COARSE_LOCATION among others, that can access information that includes the device’s GPS location.