Android has taken a lot of criticism over insecure apps and malicious code. Once again, a study carried out at North Carolina State University has pointed to a major security loophole in Android apps: the ad libraries that these applications use to earn money are a major point of concern.
Free Android apps earn a fee every time someone clicks on the ads displayed within the app. Professor Xuxian Jiang, the North Carolina professor who carried out the research, thinks that there is a major flaw in this business model, in which apps give advertising libraries access in order to make money.
The study analysed 100,000 apps randomly chosen from Google Play (previously Android Market). The researchers found that these apps could share the permissions acquired from the user to access personal data with these ad libraries, thus rendering them completely unsafe, since the libraries may access private data without the user ever knowing it.
Moreover, almost half of these apps and the ad libraries they used constantly tracked the user’s GPS location, around 20,000 retrieved the phone’s identity (its IMEI number), about 4000 of them let advertisers obtain the user’s location via GPS, and the same number of apps were found to be accessing the phone number.
Although there was no sign of malicious activity on the part of any of these apps, one library, ‘energysource’, allowed code to be insecurely downloaded from the internet and then executed. This is the real point of concern: many of these libraries allow code fetched from the internet to be executed, which malicious users can easily target to run an infected piece of code on the smartphone.
For these reasons, the researchers urged developers to find ways to separate the granting of permissions to apps from the granting of permissions to ad libraries, so that the libraries have to ask for user permission separately before accessing private data.
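The permission sharing described above follows from permissions being declared once for the whole app, so every library bundled into it runs with them. As an added example (not code from the study or from this article), the following Python script lists the sensitive permissions a manifest declares and that any embedded ad library would therefore inherit; the sample manifest, the package name `com.example.freegame` and the permission-to-data mapping (which reflects Android versions of the study's era) are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumed mapping: permission -> data categories named in the article.
# On Android versions of that era READ_PHONE_STATE covered both IMEI and phone number.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_PHONE_STATE": "device identity (IMEI) and phone number",
}

# Constructed sample manifest for a hypothetical ad-supported app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Free Game"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return every permission the app requests; there is no per-library scoping."""
    root = ET.fromstring(manifest_xml.strip())
    return [e.get(NAME_ATTR) for e in root.iter("uses-permission") if e.get(NAME_ATTR)]


def inherited_exposure(manifest_xml):
    """Return (sensitive permissions -> data exposed, whether data can leave the device)."""
    perms = declared_permissions(manifest_xml)
    exposure = {p: SENSITIVE[p] for p in perms if p in SENSITIVE}
    # INTERNET lets a bundled library send data out or fetch remote content.
    has_network = "android.permission.INTERNET" in perms
    return exposure, has_network


if __name__ == "__main__":
    exposure, has_network = inherited_exposure(SAMPLE_MANIFEST)
    for perm, data in exposure.items():
        print("bundled libraries inherit %s -> %s" % (perm, data))
    print("network access available to bundled libraries:", has_network)
```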
Meanwhile, separate research carried out by Abhinav Pathak, a computer scientist at Purdue University, found that these ad libraries also drain the battery, using about three-quarters of the battery power just to retrieve ads and constantly transmit user data back to the advertisers.