June 26, 2013

Lookout Flags Newly-Classified Adware

Privacy and good user experience on mobile are critical – after all, people need to trust and feel comfortable on their smartphones and tablets in order to use them! But questionable mobile advertising practices, such as adware, can get in the way of user privacy and experience, doing things like capturing personal information (i.e., email, location, address list, etc.) without proper notification and modifying phone settings and desktops without consent. While the majority of mobile ads are A-OK, as the industry grows, it needs to protect user privacy and excellent user experience. Beginning today, we’ll be flagging ad networks that we have newly classified as adware in Lookout Mobile Security. We’re also releasing our classification of adware to help guide the industry.

Adware is the most prevalent app-based mobile threat around the world today. In the past year, Lookout estimates that more than one million American Android users downloaded adware. In fact, 6.5 percent of free apps in Google Play contain adware. It’s important to note that mobile ads are an important component in the mobile ecosystem and serve a critical purpose, allowing app developers a way to provide free apps.

There is a lot of gray area when it comes to mobile ad standards, this is due in part to the fact that there haven’t been clear guidelines for the industry. We believe the industry classification of adware is extremely important. We didn’t want to simply label aggressive ad networks as adware—this doesn’t address the root of the problem.

We define adware as an ad network that exhibits one or more of the following intrusive behaviors without requesting appropriate user consent:

  • Displays advertising outside of the normal app experience
  • Harvests unusual personally identifiable information, or
  • Performs unexpected actions as a response to ad clicks; appropriate user consent entails providing a clear alert in the application that allows the user to accept or decline before any of the above behaviors takes place

We identified companies that fell outside of our classification, and starting in May 2013, we contacted the companies and asked them to change their practices. We set a 45-day timeframe in order to give the companies an appropriate amount of time to respond and improve their behaviors before we would flag them in our app as adware. As of June 18, 2013, LeadBolt, Moolah Media, RevMob, sellAring and SendDroid continued to demonstrate one or more of the above identified behaviors without appropriate user consent.

Now, the Lookout app for Android flags adware, so people will have more information to make a well-informed decision about the apps they have on their device.

  1. ken says:

    Would help if you listed the advertising SDKs that “Displays advertising outside of the normal app experience”.
    The only one I’m aware of is Airpush and they let you disable it after one dialog.

  2. DonRoss says:

    Thanks for becoming the investigative reporters and whistle-blowers of our mobile app world.

    While this report focuses on Android users, can you report on the level of threat for iOS users?

  3. Bruce says:

    So, while you are detecting ad networks, you are now putting up notification ads for your own product. Shame on you. I am willing to see ads on screens, but I do not tolerate notification ads. I’m uninstalling Lookout so fast it will make your head spin. Nice way to ruin a good app. Congrats.

  4. Mary says:

    thanks for the work to keep our phones secure.

    I think I will try your app.

Leave a comment