July 9, 2012

Updated: Uncovering Privacy Issues With Mobile App Advertising

“What’s up with this ad taking over my phone?!” “Is this malware?” More and more, we’re hearing concerns about the ads that are cropping up on mobile devices. We’ve got your back with malware, data backup, and lost or stolen devices. Now we’re adding aggressive advertisers to our shield with Lookout’s Mobile App Advertising Guidelines.

The situation: Many of our favorite free mobile applications serve ads within the app and rely on these ads for revenue. More than 50% of apps use ad providers such as ad networks and ad exchanges. While most of these ad providers do a great job with user experience and privacy, select ad providers are hampering the experience for mobile consumers.

Updated July 11, 2012
Recently we’ve been asked by some ad providers and app developers if we’ve ever used notification ads. As an app developer, we advertise in mobile applications ourselves and continuously experiment with new ad networks. Mobile advertising is a very important part of any app developer’s business. We’ve advertised with several reputable networks such as AdMob and Millennial Media. In 2011 we tested one ad network that used notification ads. After receiving negative user feedback about the user experience of these ads, we decided to stop using this form of advertising. Shortly thereafter, we discovered that one ad aggregator service we used had placed ads with an ad network in the notification area without our knowledge or approval. We suspect that many other companies have also unknowingly had their advertisements appear in places they did not approve. Both of these experiences inspired us to develop the Mobile App Advertising Guidelines, as aggressive advertising is an important issue for app developers, ad providers, users and businesses to understand. (End of update.)

Our research shows that select ad providers access personal information (including email, phone number and name) without clearly notifying the user. Many of these ad providers also use aggressive mobile ad delivery techniques that can confuse users, like changing bookmark settings or delivering ads outside the context of an individual app. Out of the vast pool of apps we analyzed, we found 5% use an aggressive ad network. That might seem like a small percent of apps, but those apps account for more than 80 million downloads, affecting millions of people.

This is definitely a pervasive issue. On Google Play we found that personalization apps, such as wallpaper apps, had the highest rate (17%) of aggressive ad network integrations.

Clearly these aggressive ad techniques fall into the bucket of “not kosher” for the end user, but they are also a disservice to the entire mobile ecosystem.

Lookout’s new Mobile App Advertising Guidelines will equip mobile app advertisers and developers with clear privacy and user experience guidelines as they explore new mobile advertising techniques. Lookout’s aim is to support growth and innovation in mobile advertising while protecting user privacy and increasing the trustworthiness of ads.

Since protecting users is our top priority, we’ll also use these guidelines to help us identify what qualifies as adware. This is a living document that will change as the industry evolves, but ad providers that do not follow the basic requirements could be flagged as adware.

We think it’s important to understand what’s going on in your apps, so we encourage you to download the Ad Network Detector app by Lookout. Ad Network Detector puts the information that we’ve gathered about ad networks at your fingertips. The app shows you what types of ads can be displayed, as well as what personal information is collected by an ad network. With easy access to this information, you’ll be able to make a more informed choice regarding whether you want to keep certain apps on your phone.

We’re optimistic that the mobile advertising industry will embrace the best practices put forward in these guidelines. The Guidelines provide the industry with a framework for self-regulation for privacy best practices. By setting clear distinctions around absolute requirements and recommended requirements, Lookout’s Mobile App Advertising Guidelines bring clarity and prioritization to mobile ad privacy behavior.

  1. Asher Delug says:

    I’m the CEO of Airpush, which is considered an “aggressive” ad network by Lookout. We respect Lookout’s new guidelines, and our new SDK (5.0), being launched within 2 weeks, will be fully compliant. We are in fact already nearly compliant with the guidelines, but the new SDK will add a universal opt-in inside the app and some other final compliance points. We have been working on these transparency features prior to Lookout’s announcement, so I’m happy to say that Airpush and Lookout are in full alignment with regard to best practices.

    Lastly, I would like to explain why the Personalization app category has been heavily adopting ad networks like Airpush rather than traditional mobile banner ads. The reason is simple: wallpaper/ringtone/theme type of apps CANNOT use traditional banner ads from networks like Jumptap, AdMob, etc., since there is no “in-app” experience. Think about it, how does a wallpaper app use a banner ad? Rather, their only choices are to charge for the content or to use ad networks like Airpush which offer alternative ad formats such as push notification ads.

    Thanks again to Lookout for defining clear guidelines which the industry can adhere to.

    • Amy says:

      @Asher, we are very pleased to hear your support and compliance with the guidelines! When leaders such as Airpush demonstrate advertising best practices, it helps the entire industry move forward. We hope that other networks follow your lead; in doing so we foster a mobile app ecosystem that balances the priorities of both the industry and the end-user.

      Also, thank you for the clarification on personalization apps.

  2. […] week, Lookout wrote a blog post to warn the world about “aggressive advertisers,” who use sleazy tactics such as […]

  3. William says:

    Ironically, the last time I attempted to download Lookout to my Android smartphone, I noticed in the permissions that Lookout reserves the right to ‘…send email to guests without owner’s knowledge…’

    • Amy says:

      @William, thanks for reaching out. In order to protect your phone from malware and spyware, back up and restore your data, and find your phone, Lookout needs access to a number of Android permissions. Specifically, to enable the Wipe feature that allows you to delete data from your phone remotely, Lookout needs to access various types of data, which includes adding or modifying calendar events and sending emails to guests. To learn more about the permissions we request and explanations on why we access them, check out our permissions page: https://www.lookout.com/permissions. If you have any other questions/comments, feel free to shoot us an email: feedback@lookout.com. Thanks!

  4. Unfortunately most developers don’t think about user experience. The only thing they think about is getting their advertisement through as many channels of the mobile devices as possible. While adverts that are really interesting for people get way better results.
