Description: Android captured 70% of smartphone shipments in the December quarter of 2012. With this explosion, Android has become the world's biggest magnet for smartphone applications - and mobile malware.
Individuals and organizations who develop legitimate applications benefit financially either by selling them, or by embedding advertisement kits. Building free, ad-supported apps helps developers side-step the hassle of the Google Checkout flow, hence becoming the most popular form of monetization.
In this paper, we focus on the security risks and inefficiencies posed by ad-kits. And more particularly those embedded into malware. To this end, we study the Android platform, and 90,000 malware samples. We identify 10 representative ad-kits. We further develop a system called 'Droidlysis' to examine potential risks, ranging from uploading sensitive information to remote servers, to downloading and executing untrusted code. We analyse ad traffic and identify sensitive data transmitted over the air.
Our results show that most ad-kits not only collect private information, but probe for data and permissions beyond the ones listed in their documentation. We discover how users can be tracked by an ad provider across applications, and by a network sniffer across ad providers. Finally, we discuss the financial implications for developers and ad providers.
For More information please visit: - https://www.virusbtn.com/index
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.