Last week we came across a report about a Plankton variant embedded in various apps emerging in the Android Market. One of the samples we inspected is a puzzle game called Sexy Ladies-2.apk, which is detected as ANDROIDOS_PLANKTON.P along with many other apps related to it.
Other external reports tell of millions of app downloads carrying similar suspect code, which led to it being dubbed the “largest Android malware outbreak ever”. In that report, the analyzed application is a puzzle game. It starts a service that can create a shortcut, get and set bookmarks, post device information to its server (including IMEI, brand, device, model, operating system, OS version, display metrics, and locale), set notifications, and set the browser homepage.
Our findings show that this application can be categorized as adware, since it appears to be used simply for advertisements. A more appropriate term may be “mobile app adware”, with the SDK (software development kit) being used for legitimate upfront download revenue so that people can download the apps from various mobile app distribution sites. The app’s basic functionality is as claimed: install a search shortcut and serve ads through that app. It does not send any private personal data to an external server. In short, it turns out to be a monetizing ad service that lets app developers make more money from their free apps. This is basic search monetization.
“Mobile App Adware”
At this point, this is a perfect example of “mobile app adware.” This is bolstered by the fact that the current business model is for an SDK to be integrated into the app and used for legitimate download affiliate revenue. In today’s content-serving business and marketing model, this makes it practically the same as what is being done on desktop PCs.
Threat Response Engineer Erika Mendoza adds, “Taking ad networks into consideration, I think it makes more sense now that a lot of applications are bundled with code similar to this. This mobile adware is quite aggressive, but it still depends on the user if they consider this annoying behavior malicious.”
Researchers at Lookout Mobile Security likewise don’t think that this behavior means it’s a malware attack; rather, it is an “aggressive form of an ad network.” We agree with the claim that it isn’t malware per se. However, the issues here involve how mobile information is gathered and stored. There are also potential privacy issues down the line whose ramifications users may not understand until much later.
It is common for any installed app to retain whatever install rights it was provided, as well as whatever social network or interaction it is allowed. These settings can be retained even if the initial app is removed, and reused as a default. In reality, with several hundred apps downloaded for varying purposes, and with each mobile device having varying user-set protection levels, there are just too many variables to track.
We will consistently provide information about the threat potential; however, it is up to the user to make an informed decision on whether to proceed with downloading the app or not.
The Risks of Search Monetization for Mobile
Of course, there are a lot of potential issues with search monetization hitting the mobile platform. As previously discussed in our 12 Security Predictions for 2012 report, the smaller screens and limited user interface make it a bit more difficult even for the most tech-savvy researcher to figure out what’s going on in the background. This makes it even more difficult, if not impossible, for a regular user to manage. With the privacy and information theft incidents reported last year, it is even more critical that users be aware of who has their metadata (product preferences, search history, etc.) and how it’s being managed, given that right now it exists predominantly in the cloud.
Over and over, it’s been said that we are living in the post-PC era. One indication is that tablets were among the most gifted items last holiday season. As such, this is a natural progression of where the money and people’s attention go: from ads in the daily newspaper to magazine ads, to cable TV, desktop PCs, and now mobile devices. Who knows where search monetization could land next? Clearly, search monetization is here to stay.
Everyone should be concerned about installing any app on their phones. Your phone stores data, and depending on the level to which you’ve patched it, the best defense anyone has is to be aware of the sort of information you put out.