Beware, Hackers Could be Compromising Your Mobile Security

In a recent study of a hundred thousand appliances, researchers from North Carolina State University have concluded, that advertisements in mobile applications pose serious privacy and security risks. They found that, of the appliances studied, more than fifty thousand appliances contained so-called ad libraries.

Moreover, almost three hundred of them incorporated aggressive ad-libraries that were enabled to download and run code from remote servers. This according to Dr. Xuxian Jiang, an assistant professor of computer science at NC State, was cause for alarm as it “made use of an unsafe mechanism to fetch and run code from the Internet – a behavior that is not necessary for their mission, yet has troubling privacy and security implications.”

Dr. Jiang further clarified that “Running code downloaded from the Internet is problematic because the code could be anything; for example, it could potentially launch a ‘root exploit’ attack to take control of your phone — as demonstrated in a recently discovered piece of Android malware called RootSmart.”

Many developers, like Apple, Google and others in the market offer free appliances, which incorporate “in-app ad libraries. “ These ad libraries recover advertisements from remote servers and run these retrieved ads on a user’s Smartphone from time to time. Every time an ad runs, the app developer receives an approved payment.

However, the downside is that these ad libraries can be misused by hackers, who could bypass existing security efforts and the app’s ad library may download unsafe or insidious code after installation.

Dr. Jiang explained, “This poses potential problems because the ad libraries receive the same permissions that the user granted to the app itself when it was installed — regardless of whether the user was aware he or she was granting permissions to the ad library. To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don’t have the same permissions.”

Ads on mobiles have always been regarded as pesky and interfering. Apart from being annoying, it now seems that they could violate our privacy, by collecting and transmitting sensitive information, without our consent. Wireless carriers are aware of your location, that every mobile owner understands, but do we really want to share that information with advertisers?

It is apparent, that even though mobile marketing may be touted as the next big thing in interactive marketing, there are many areas that need tightening up and many issues that need to addressed.