New post:
Did you know that the built-in ads in free apps get the same permission set as the host app? That has serious implications regarding privacy and security.
probably with as much thought and tact, to be honest...
If you remember the issues with the NYT and their TPV ad network. The problem was no vetting of the players--ad developers, advertisers, and ad networks. Any one of them can inject malware or ask for sensitive information.
Here I was just idly ignoring my privacy...
How am I going to justify a new phone!
Good news is I assumed that these things ruined my privacy and still wait to find the guts to overcome my paranoia.
So the real takeaway is the "There ain't no such thing as a free lunch" axiom still holds in a modern world.
If it's ad-based, then that is how the app is paid for. Ads and what might be collected.
No big deal.
Cross the line and that's when people get unhappy - despite paid apps (hi Apple!!) they still collect, and no doubt everyone else does. Quietly or otherwise. Not that I've become cynical or anything...
Where is the line drawn? The researchers have examples of where the ad networks were capturing information.
Also, I personally have not seen any mention anywhere in app EULAs about permissions being passed along to the ad network. That bothers me.
As the Ad Libraries are deliberately included in the application by the App Developer, then that person is responsible for the usage of data accessed by that application (which includes the Ad network to whom the library grants access).
As such, the use of the data is governed by the Privacy Policy of the developer, unless the app includes a separate one for the advertising network. Laws in Australia, the UK and the US are very specific about privacy, so it will be interesting to see the litigation when some significant misuse arises.
It will be interesting
I had problems with the free app/in-app ad format right from the start. A one-time payment was cheaper to me than letting an ad network use my bandwidth.
I now see there are more serious things to beware of as well.
There used to be plenty of iOS reports showing Apple quietly collecting data and the rest of it all...
Maybe "market forces" will demand these companies restoring privacy and freedom and the rest of the shoveled buzzwords...
Or maybe they won't.
Dunno.
If we use computer ads as an example they have decided that users will have to opt out of behavioral advertising. I'm thinking the free versus pay model is the mobile equivalent.
While some apps may come in a paid package that does not include Ad Libraries, others come as a single package with the option to pay for a Key to turn off the Ads.
Does entering the Key to turn off the Ads disable use of the linked libraries, or just disable display of the Ads? In other words, has it just given the user a warm fuzzy feeling without actually reducing access to private information by the Ad network?
To be honest, I do not have an answer for you. I will ask Dr. Jiang for his opinion and get back to you. Thanks for asking.
David, Dr. Jiang has not looked into it but said this:
Regarding the option to pay for a key to turn off the ads, I have not looked into the mechanism to turn off ads yet. But if it just gave the illusion of not displaying the ads but still running the ad libraries behind the scheme, the exposed risks will likely remain.
I hope that helps a little.
I can answer this to a degree. Generally the only time the ad network software gets any control in the app is when we instantiate the ad window. So in my experience popular ad networks like admob don't get a chance to do any of their behind the scenes stuff if you don't display the ad window. That said, apps that have two versions in the market, one paid and one ad supported, are ultimately a safer bet because if the developer does his/her job correctly the "ad free" version should usually require fewer permissions than the version that includes the ad library.
Apple was one of the only manufacturers who openly embraced CarrierIQ:
"Apple, for one, has admitted to using Carrier IQ on its iOS devices, but assured that most of its iOS 5 devices no longer use the software and that future updates would completely remove it.
[via AppleInsider]"
Paying for an app does not guarantee your habits are not being monitored.
One thing a bit more alarming is with this leakage we do not know where the information is going, if it is being culled. Ad networks have not been that good at vetting ads on websites, and this is a similar situation.
It all goes back to "Nothing in life is free": there is a price to pay for everything in this world. The only problem with this is that most don't know the price of free apps. Check the code, it's deceptive and downright CRIMINAL!
What Dr. Jiang and I want to point out is that the potential is there and users have no way of knowing if their privacy is being invaded.
These days, everything we do is being tracked by smartphones and tablets, your locations are constantly being tracked, our digital footprints tell our stories.
You can shut the phone off or use airplane mode. But as soon as you turn it back on, the phone will attach to the nearest cell tower and they have you located to within that range.
At least there are more opportunities to produce a hardened Android
http://www.theregister.co.uk/2012/01/17/security_hardened_android/
And there are lots of people toying with it so it's more feasible to get a more secure Android than a secure iOS or WinPhone.
Hardening firmware may not work, if we give the app permission. It's the app developers and ad networks that need to make changes. As Dr. Jiang said, this is a real difficult problem to solve.
Are there any ad-blocking apps out there, similar to what we have for browsers on PCs?
But the phone has to be rooted first. One that I know of is AdFree Android:
https://play.google.com/store/apps/details?id=com.bigtincan.android.adfree&hl=en
You are the ad blocker my friend. Seriously, most paid apps cost about a dollar. If you don't want the ads why not just buy the app? As an app developer I assure you running ads in my apps is not by choice. It makes me significantly less profit and means I have to support 2 versions of the application: an ad-supported version and a paid version. A general ad-blocker for phone apps just means developers will stop making free versions of apps. I'm not saying this is bad, just pointing out that it is users who are demanding we keep cranking out the ad-supported (free) versions of our apps, not the other way around.
Something like:
1) Ads have the same access to private info as the host APP - the free version
2) Ads can be displayed only, no access to processing - the $0.99 version
3) No ads allowed - the two buck chuck version.
The installation process should require the authorisation of level 1. This would probably be difficult to enforce though.
I really don't know how this will be resolved. They have been banging away at it on the computer side for several years and are not getting anywhere.
It's nice that someone is looking out for the average Joe, but how about some specific examples of what specific apps are doing, and which are the most dangerous? It is one thing to know where a person is to improve the function of the application, such as Wikihood, but it is another to do it with some malicious intent. Some might say it would be illegal to mislead a person to allow location services because they think it is important for the function of the apps, and another to use the information to gain some other personal information to rob you of something. I compare this article to one that tells people that Guns can kill people, and many people are allowed to buy them. There is potential here, but not a problem for the majority.
If someone is committing a crime, let it be known. Just because the potential is there, does not mean our favorite apps are dangerous to us.
Please don't attribute MK's article to paranoid delusions. The risk does exist and, like most known vulnerabilities in the computer world, will be exploited. The simple fact is that the ad servers do not need and should not need the level of permissions being given to most apps. Excessive access to ad servers allowed malware to originate from places like the London Times and other trustworthy sites. Never mind the lax privacy controls and tracking that ad agents use to improve monetization of individual ad views.
The Apps themselves often ask for excessive permissions just so the ad servers can "exploit" the access it gives them.
Telling us about these facts is not crying wolf, it's awareness.
We can vet the apps as we know who the developer is. We know nothing about the ad network and their developers.
That's why it is difficult to say whether an app is safe or not. It can be one day and not the next. As for nothing out there, William Francis and I created a benign piece of malware and had it on Android Market (Play Store now) for several days:
http://www.techrepublic.com/blog/security/androids-permission-system-does-it-really-work/6322
Just download AdFree, and all ads redirect to your local IP (127.0.0.1), i.e. - they do not work or show up at all. In all my free games and apps I always just see an empty black space where ads are supposed to be. It patches your host file (if you are rooted, which I doubt any techie on here isn't), then all ads are disabled in any app that has them.
That is a good idea for those that root their phones. But, there are probably millions of people that don't want to have to root their phones and lose their warranties and update path.
This is scary.
Should I be worried about trojans being installed, losing my credit card info, or passwords being stolen?
As for malware, William and I are more concerned about malicious apps that manage to sneak into Play Store or other app markets.
As for passwords and credit card info, I would refrain from having that on my phone unless I had it in some kind of an encrypted vault. For example, LastPass and 1Password have apps for mobile devices.
If the ads are targeting me, and I never click an ad, theoretically shouldn't the ads just stop? (Of course I know that will never happen...)
Seriously, I NEVER click ads, web or phone, (except the occasion where my fat fingers hit one on my phone by accident,) so no matter how many ads they throw in front of my face, the advertised product is not being sold to me, and no click through revenue is being generated for the app developer. The ad company is taking money from their customers, but their customers are not going to get any money from me.
Clicks don't generate revenue, sales generate revenue! I am willing to pay a reasonable fee for content and apps, but no reasonable system is in place for that. So they pump ads at me that I ignore, (I get less when my wifi is turned off,) and I block 'em or ignore 'em.
This system has got to break down eventually. It is false!
I noticed comments above regarding if the ad libraries still exist in the non-free version of an application. That being said is there any way to truly protect yourself from the ads and the privacy and security issues they bring? I do appreciate the quick synopsis and insight into the issue. I did not realize that the ads were receiving the same permission as the actual application.
That is one aspect I am researching right now. Academics are working hard on ways for us to truly know what is going on. I write about two in this article:
http://www.techrepublic.com/blog/security/taintdroid-warns-about-android-apps-leaking-sensitive-data/7724