Analysing mobile privacy on Android, at the application layer

User privacy and data security concerns have never been higher. This issue is seriously amplified by the spiraling use of smartphones… and the popularity of Android has not come without its pitfalls.

New techniques for displaying ads on mobile devices have begun to proliferate: ads are now pushed to the standard Android notification bar, generically designed icons are dropped on the mobile desktop, and browser settings such as bookmarks or the default homepage are modified.


The fact is that Android apps require a user to accept permissions before they can be fully installed. From a developer’s perspective this is all pretty standard and is not (largely) intended to make the application invasive, intrusive or malicious in any way.

The problem is that unless a user thoroughly reads the full terms and EULA (end user license agreement), it’s often difficult to know exactly what an application has had you agree to.

Aiming to counter this uncertainty is the Ad Network Detector tool from Lookout Mobile Security. Available for free on the Android Market, this service shows the user what information the ad networks within the apps on their phone can access.

Lookout Mobile suggests that it is common for ad networks to collect information that identifies a specific device or user for use in targeted marketing campaigns. Much like for browser-based ads, this practice allows users to see more personalised or relevant ads. But despite permissions-based information access, it is often difficult for the user to understand what aspects of their information are collected by ad networks.

Ad Network Detector scans the apps on your Android device for the presence of any of 35 mainstream ad networks, including those that are capable of displaying out-of-app ads. With access to this information, the user is then (in theory) capable of deciding whether they want to keep an app, along with the particular ad networks it contains, on their phone.

Mobile malware turns profitable

So just how big a problem is this? Kevin Mahaffey, co-founder and chief technology officer at Lookout, says that looking back, 2011 was a watershed year in terms of the types of threats we saw emerging. “Threats had greater sophistication and were deployed using more innovative and efficient distribution methods,” he said.

“In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years,” added Mahaffey.

For software application developers looking to take their apps to market and monetise them through new highly promoted channels, there may be some sobering words of advice here.

Monetisation is one thing, invasive advertising is another — let’s make sure we can draw the distinction, both now and in the future.