Depending on where you look, Android devices have a reputation for harboring all sorts of malware applications and services, such that the platform is a hackers’ paradise. By comparison, Apple’s iOS platform is considered to be squeaky clean. There is an element of truth in both of these statements, but iOS is not squeaky clean nor is the Google Play Store full of malware, although statistics in a report released earlier this week from ad monitoring specialist firm, Forensiq, demonstrated that around one in four tested applications in Google Play Store contained ad fraud code. Forensiq stated that its platform identified more than five thousand applications. These applications, “…were observed generating traffic through most major ad exchanges and networks. These apps would establish on average 1,100 connections per minute and communicate with 320 ad networks, ad servers, exchanges and data providers in the course of an hour.” Over ten days, Forensiq observed more than twelve million devices exhibiting this fraudulent behavior, although this amounted to only one percent of US devices and two to three percent of European and Asian devices. Forensiq estimates that the annual loss is around $900 million across the world.
Upon investigation, many of the suspicious applications run transparently on the customer’s device, serving up thousands of adverts a day that are simply not witnessed by the user. Some applications also downloaded a script designed to emulate clicks on banners whereas others redirected users to alternative websites selling a product, or alternative applications on the native application store.
When the faulty application is running in the foreground, under twenty percent of the collected adverts are seen by the user. Some applications appear designed with ad fraud in mind but Forensiq also witnessed applications with no advertising also serving adverts from the servers. Wickr and BBM were two messaging applications seen exhibiting this behaviour. From the customer perspective, fraudulent advert activity typically causes battery drain and increased data usage: these applications are connecting and downloading adverts over a data or WiFi connection as frequently as every three seconds. In some cases, ad fraud can use up to 2 GB of Internet data a day: most users will notice a reduction in battery life but perhaps not the extra data use, especially if there is no data limit policy set on the device.
There are ways to detect fraudulent applications and the most obvious way is to check the app permissions when installing. As Forensiq said: “Malicious apps often request suspicious permissions, which include being able to prevent the device from sleeping, run at start-up, modify and delete content on the SD card, and access location services while running in the background. Many of these permissions are requested even if genuine features of the app would not require them.”
Forensiq discovered that there were almost three times as many Android applications exhibiting this behavior compared with either iOS or Windows Phone and this by itself is interesting news; Tim Cook, Apple’s Chief Executive Officer, may already be preparing another dig at Android malware. However, what happened next after Forensiq released the report is especially interesting because Google have pulled a number of applications following Thursday’s report. Forensiq Chief Executive Officer, David Sendroff, said this on the matter: “I would imagine that Google saw the news, installed the apps themselves to monitor what was happening and took action. It feels really great to create such awareness and I think everyone just wants to have a clean ecosystem in regards to the [Play] store.” Yes; Android appears to have more malware compared with the Apple and Windows Phone application stores, but Google appears to be far more reactive than its competitors in keeping the store clean.