| Lookout Blog June 26, 2013

June 26, 2013

Lookout Flags Newly-Classified Adware


Privacy and good user experience on mobile are critical – after all, people need to trust and feel comfortable on their smartphones and tablets in order to use them! But questionable mobile advertising practices, such as adware, can get in the way of user privacy and experience, doing things like capturing personal information (i.e., email, location, address list, etc.) without proper notification and modifying phone settings and desktops without consent. While the majority of mobile ads are A-OK, as the industry grows, it needs to protect user privacy and excellent user experience. Beginning today, we'll be flagging ad networks that we have newly classified as adware in Lookout Mobile Security. We’re also releasing our classification of adware to help guide the industry. Adware is the most prevalent app-based mobile threat around the world today. In the past year, Lookout estimates that more than one million American Android users downloaded adware. In fact, 6.5 percent of free apps in Google Play contain adware. It’s important to note that mobile ads are an important component in the mobile ecosystem and serve a critical purpose, allowing app developers a way to provide free apps.

There is a lot of gray area when it comes to mobile ad standards, this is due in part to the fact that there haven’t been clear guidelines for the industry. We believe the industry classification of adware is extremely important. We didn’t want to simply label aggressive ad networks as adware—this doesn’t address the root of the problem. We define adware as an ad network that exhibits one or more of the following intrusive behaviors without requesting appropriate user consent:
  • Displays advertising outside of the normal app experience
  • Harvests unusual personally identifiable information, or
  • Performs unexpected actions as a response to ad clicks; appropriate user consent entails providing a clear alert in the application that allows the user to accept or decline before any of the above behaviors takes place
We identified companies that fell outside of our classification, and starting in May 2013, we contacted the companies and asked them to change their practices. We set a 45-day timeframe in order to give the companies an appropriate amount of time to respond and improve their behaviors before we would flag them in our app as adware. As of June 18, 2013, LeadBolt, Moolah Media, RevMob, sellAring and SendDroid continued to demonstrate one or more of the above identified behaviors without appropriate user consent. Now, the Lookout app for Android flags adware, so people will have more information to make a well-informed decision about the apps they have on their device.