back to article Adware API sends smartmobe data home to Chinese company

Mobile developers, listen up: when you pick up that easy-to-use advertising API, make sure it's not snoopware. That's the lesson, the take-out, or (god have mercy on my soul) key learning from work by security outfit Lookout, whose analysis of the Igexin advertising SDK ended with hundreds of apps returning “not found” on …

  1. Tony W

    Malicious software removal

    If Google Play Store can nag me every week to update Twitter yet again, it should be able to warn me when an app I have installed has been removed from for breaking their T & C.

    1. anoco

      Re: Malicious software removal

      Or better. Block it from working the next time you access it with a warning and explanation on how to remove the offending app.

      1. Gnosis_Carmot

        Re: Malicious software removal

        Or even better, remove the app completely and leave only a placeholder that pops up a message saying it was removed for malware.

    2. Anonymous Coward
      Anonymous Coward

      Re: Malicious software removal

      I was just going to ask how Android handles apps that are already installed on phones that google has removed from their App Store for being 'dangerous'. I take it from your answer that it does nothing. To be honest, I don't know if iOS is any better in this regard.

      1. Wulfhaven

        Re: Malicious software removal

        The play store has the ability to remotely delete applications if I do not remember incorrectly. It is a weapon they rarely brandish though.

        1. iron Silver badge

          Re: Malicious software removal

          Indeed they can remotely remove apps. I think they have only done it twice before, don't now if they have done it this time because the article doesn't say either way.

  2. Anonymous Coward
    Big Brother

    "make sure it's not snoopware"

    And here's me thinking that ALL adware is snoopware...

  3. RyokuMas
    FAIL

    So let me get this straight...

    This malware payload can be dlownloaded, installed and executed without any kind of administrator/root access - the only things blocking it is a setting in a database and the end user being smart enough to not just say "ok" to all the permissions the app asks for?

    Good grief, if this were Windows XP instead of Android and an EULA instead of permissions, I'd swear we were back in the early 2000s again...

    Then again, Google have built their entire business on slurping as much data about everything as possible - I guess if they tried to stop anyone else doing it, they could be seen as a monopoly... oh, wait...

    1. Anonymous Coward
      Anonymous Coward

      Re: So let me get this straight...

      Mobile phone users need the minimum barriers possible between downloading an app and being able to 'express themselves' on social media.

    2. Anonymous Coward
      Anonymous Coward

      Re: So let me get this straight...

      There are at least 3 protection mechanisms in force here, 3 more than Windows XP.

      1/ Runtime permissions

      2/ Malicious apps scanning on your phone

      3/ Malicious app scanning on the store

      Also, if you are stupid enough for an app to request access to your call history you should be sure you trust an app with your call history. Would you give your house keys to someone you didn't know?

    3. Anonymous Coward
      Anonymous Coward

      Re: So let me get this straight...

      This is doing nothing that the user didn't permit.

      It can download and execute a module, but only within it's own security model, and it can only access call history, camera, audio etc, if the user has granted access for it to.

      So what exactly is wrong with this app? Essentially nothing, it's doing things you granted it to do.

      What is actually happening here, is The Register are giving free advertising to Lookout. The real agenda is here on a single line on their "article".

      "All Lookout customers are protected from this threat."

      Yep, scareware is alive and well. I suggest Lookout are as scummy as the writers of these apps, for cashing in on gullible people.

  4. Kevin McMurtrie Silver badge

    Google Mobile Services

    Quietly downloading new hidden components and sending back personal data? If there's one thing that Google hates, it's somebody else doing the creepy things that Google does.

  5. oneeye

    First, Eliminate Apk's with Advertising SDKs

    If you want an indepth look at all the ad-ons, like advertising SDK's, developer tools, and every single permission an Apk has, then this Android app can help. Besides scanning every apk.downloaded, or updated, on the device in real time, it gives definitions for just about everything an app has in it. The pop-up notice let's you examine the app before opening it.

    https://play.google.com/store/apps/details?id=com.denper.addonsdetector

    1. Anonymous Coward
      Anonymous Coward

      Re: First, Eliminate Apk's with Advertising SDKs

      No offence as you may be just plugging a legit tool independently. But access to this info needs to be built-in. Its all about Mushrooming mobile-users (feeding them shit and keeping them in the dark). App developers / Storefront giants maintain an illusion of gatekeeping (nothing to see here). Meanwhile every week the Reg has a warning about an app on an store that's toxic and should never have gotten on there. And now that's its loaded-on user's devices, there's still no actionable guaranteed way to remove it, notify the user and refund them either!

    2. Jamie Jones Silver badge

      Re: First, Eliminate Apk's with Advertising SDKs

      That was a needlessly harsh downvote. That could be a useful app for many people, and it wasn't as if he posted a link to some random site.

      As for the ad-sdk's, i was fed up with some of the things one in particular was up to, and after investigating, decided to disabled every ad-sdk that did more than was reasonable.

      All but 2 have been disabled. Seriously, someone needs to come out with an "ethical" ad company/sdk and shout this fact from the rooftops. (yes, i know what I'm saying!)

      Most of the ad companies seem to be evil arseholes doing dodgy stuff (and I say that not as a quip against ad companies generally, but by looking at the sort of shit they get up to)

      A very popular metric they seem to feel justified to have is the device unique id. And if that is blocked? They take your MAC address. Evil bastards.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like