Skip to content

The Hidden Risk Behind Mobile Ad Networks

Mobile Ad Networks: How Do They Operate?


Visibility is key. According to a joint research by comScore Inc. and Pretarget, ad views are considered more meaningful than actual clicks in terms of digital advertising. The more digital real estate an ad occupies, the more effective it is in reaching its target audience. This is why digital advertising networks matter.


Ad networks serve as digital real estate agents to companies who want promotion. They make money by acquiring digital space and selling them. The continuous market growth of Android phones as well as other mobile devices opens up more space for ad networks to acquire and sell.


Pushing ads on mobile devices ensure visibility, since the ads are usually fed into apps while in use. This becomes a problem when these ads start appearing beyond their legitimate apps. They become persistent and invasive, which often make them annoying for users. This aggressiveness can also lead to unnecessary bandwidth consumption and battery drain.


Mobile ad networks partner with app developers to push their ads. These networks create software development kits (SDKs), which enable developers to show ads within their apps via ad libraries. This partnership is beneficial in both ways. Developers are able to offer their apps for free because of the income generated by pushing the ads, while ad networks enjoy wider coverage.


As stated in the September monthly mobile review, this relationship between mobile ad networks and developers can create several risks for smartphone users. More than just displaying ads, the ad libraries provided by the networks perform suspicious activities on mobile devices without user consent. Research shows that smaller ad networks are more prone to do this.


Apps become high-risk once developers integrate these ad libraries into them. They can create shortcuts, add bookmarks on the user's device, and disable phone notifications. They can also collect sensitive data such as GPS location, call logs, phone numbers, a user's contact list and calendar entries, account and device information, and even text messages. This function is outside mere advertising. Though the information aggregated by these ad networks may be able to help clients reach their target users, this data can also be used maliciously.


In the hands of cybercriminals, this stored user data can be repurposed to power several cybercriminal schemes. They can be used to steal identities, sold directly for profit, manipulated to develop new social engineering lures, or studied while cybercriminals create more sophisticated targeted attacks.


Though visibility is the main goal of ad networks, their invisible workings make them a threat to mobile users everywhere. This is why it's important for users to be more conscious of the apps they use and the app permissions they grant.


Over the past months, some of the top mobile ad networks have put up compliance measures that keep them in line with Google's revised developer policy. These networks released new SDKs that have mandated opt-in mechanisms which give app users the option to either allow or forbid ad networks to collect data and display ads outside of apps. With these opt-in schemes in place, Trend Micro has since proactively removed apps using the new SDKs from our detection.


Threat Spotlight: Premium Service Abusers


Ever wondered why your mobile service provider is charging you way too much? Perhaps your phone is hiding a type of Android malware called premium service abuser.


As its name suggests, premium service abusers can either subscribe a smartphone to premium services or use a smartphone to communicate to premium numbers without its owner's knowledge. These malware are designed to erase all evidence of their activities, so it's hard for users to notice their presence on the device. Users only find out about the anomaly when they're handed unnecessary billing charges they never personally incurred.


This type of malware infects a smartphone via user-assisted download and installation. Unsuspecting users can download it as a rogue app, a fake software patch, or some other Trojanized file, since most premium service abusers piggyback on downloadable apps or software.


Cybercriminals are known to cloak their malicious apps using social engineering techniques. They jump on bandwagons and often spoof popular apps to trick users. In October, for example, cybercriminals released a premium service abuser disguised as the popular gaming app Bad Piggies.


Earlier this year, premium service abusers topped the list of malicious Android apps in terms of accumulated detections. A reason for this could be the lack of regulations against them or mobile malware in general. Unlike other schemes like credit card fraud and fake antivirus that have heavy laws working against their favor, premium service abusers offer a simpler and less risky alternative for cybercriminals to gain profit.


Users of Android-based smartphones users need to be cautious with the apps they install on their devices. When an app seeks for permissions outside its expected function, it's usually a telltale sign that it's malicious. Premium service abusers would most likely ask a user's consent to make calls, send messages, connect to the Internet, or view a user's contact list.


Next time you install an app on your smartphone, check the permissions first. You might just end up spending more than what you bargained for.


Connect with us on