NCSU Researchers Warn of Privacy, Security Flaws in Android Apps
The problem is tied to the fact that Android's permissions model can't distinguish between the actions of an ad library and those of its hosting app.
North Carolina State University researchers recently uncovered [PDF file] privacy and security vulnerabilities in Android apps that are tied to in-app advertisements.
"They explain that most of the ad libraries collect private information; some of them may be used for legitimate targeting purposes (i.e., the user’s location) while others are hard to justify by invasively collecting the information such as the user’s call logs, phone number, browser bookmarks, or even the list of installed apps on the phone," The Hacker News reports.
"Since Android’s permissions model cannot distinguish between actions performed by an ad library and those performed by its hosting app, the current Android system provides little indication of the existence of these threats within any given app, which necessitates a change in the way existing ad libraries can be integrated into host apps," the researchers write.
Go to "Security holes in Android with apps Advertisements" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.