garyopa
10-17-2011, 03:50 PM
Sketchy ads promote battery-saver apps for Android, but experts say they are really stealing data
http://www.maxconsole.com/maxconsole/contents/RKSID00000000000000000144/icon.jpg
Scareware has reached Android as users are seeing ads warning that they need to upgrade their battery, but infact the rogue apps endanger your privacy or siphon money from your wallet instead!
As 'mobile gaming' takes off, so does those that want to 'steal info' or 'have fun' with your personal info, the problem with Android devices they are not just for 'gaming', they also used for your 'personal email, phone calls' so the 'need' to grab that 'info' is even more wanted by these sleazy agents out to wreak your life.
The second problem alot of games on Android, are using the 'ad system' to fund their development, it great and works for alot of indie developers, even top-rated ones like Angry Birds run ads, and with little in the way of check and balances in place currently some of these AD networks have been recently overrun with 'rogue apps', the worse is the battery ones as people want to 'save their battery' so they are more likely then ever to click on it, even worse some are installing and launching with no other screens, just a simple 1-click!
For example, PCWorld spotted one ad on an Android phone for a battery utility called Battery Upgrade. Tapping the ad--even by accident--launches the phone's Web browser, which automatically initiates the download of the app's installer file on the Android device.
"These ads cross a line," says Andrew Brandt, director of threat research for Solera Networks. It's one thing to market a worthless battery app, he says, but another to scare or trick people into installing a program they don't need.
Brandt says that one Android battery app, called both Battery Doctor and Battery Upgrade, is particularly problematic: Not only does it not upgrade a battery or extend a charge, but when it's installed and unlocked, it harvests the phone's address book, the phone number, the user's name and email address, and the phone's unique identifying IMEI number. With a phone user's name, IMEI, and wireless account information, an attacker could clone the phone and intercept calls and SMS messages, or siphon money from a user by initiating premium calls and SMS services. Once the battery app is installed the program sends the phone ads that appear in the drop down status bar of the phone at all times - whether the app is running or not. Lastly it periodically transmits changes to the user's private information and phone-hardware details to its servers.
Worse, the ad links to step-by-step instructions on how to lower your phone's security settings to install the battery utility, Brandt says. "There is no question in my mind that this technique could be used for something far more sinister than a worthless battery app."
Big Brands and Popular Games Enable Sleazy Ads
PCWorld stumbled across the Battery Doctor ad on Hasbro's free, ad-sponsored version of Scrabble. EA Mobile, which developed and maintains the Scrabble app through a licensing arrangement with Hasbro, pulled the ad after PCWorld brought it to the company's attention.
"After becoming aware of the issue, we immediately resolved it by pulling the ad," says Ben Webley, head of global in-game advertising and sponsorships for EA. "Our user experience remains of the utmost importance to EA, and every ad network we work with signs up to a strict publisher-standards agreement."
But PCWorld also found other top free Android OS games delivering similar misleading battery warnings via ads. Earlier this year the hit game Angry Birds was displaying bogus battery ads that linked to malicious apps, according to Lookout Mobile Security.
In one of the Android Market's top 35 free games, an app called Guns, users can simulate target practice by pressing a big red button that serves as the trigger. Small ads run along the bottom of the game window, nearly touching the trigger button. One of the ads we saw read 'Super charge your battery and Android'. If your trigger finger should touch the ad, up pops an image of a stop sign (see image below) with the words 'Battery Upgrade Application' followed by 'Your battery needs an update....' Tapping that ad launches the Google Market app, where you are prompted to download a free app called Android Speed Booster. The following day, the same ad directed us to another Android Market app called Droid Gear Up.
So be careful out there when you are 'mobile gaming', read the reviews first, pay close attention to the permissions that apps request!
NEWS SOURCE: Ads pushing bogus battery upgrade warnings (via) PCWorld (http://www.pcworld.com/article/241967/sleazy_ads_on_android_devices_push_bogus_battery_u pgrade_warnings.html)
http://www.maxconsole.com/maxconsole/contents/RKSID00000000000000000144/icon.jpg
Scareware has reached Android as users are seeing ads warning that they need to upgrade their battery, but infact the rogue apps endanger your privacy or siphon money from your wallet instead!
As 'mobile gaming' takes off, so does those that want to 'steal info' or 'have fun' with your personal info, the problem with Android devices they are not just for 'gaming', they also used for your 'personal email, phone calls' so the 'need' to grab that 'info' is even more wanted by these sleazy agents out to wreak your life.
The second problem alot of games on Android, are using the 'ad system' to fund their development, it great and works for alot of indie developers, even top-rated ones like Angry Birds run ads, and with little in the way of check and balances in place currently some of these AD networks have been recently overrun with 'rogue apps', the worse is the battery ones as people want to 'save their battery' so they are more likely then ever to click on it, even worse some are installing and launching with no other screens, just a simple 1-click!
For example, PCWorld spotted one ad on an Android phone for a battery utility called Battery Upgrade. Tapping the ad--even by accident--launches the phone's Web browser, which automatically initiates the download of the app's installer file on the Android device.
"These ads cross a line," says Andrew Brandt, director of threat research for Solera Networks. It's one thing to market a worthless battery app, he says, but another to scare or trick people into installing a program they don't need.
Brandt says that one Android battery app, called both Battery Doctor and Battery Upgrade, is particularly problematic: Not only does it not upgrade a battery or extend a charge, but when it's installed and unlocked, it harvests the phone's address book, the phone number, the user's name and email address, and the phone's unique identifying IMEI number. With a phone user's name, IMEI, and wireless account information, an attacker could clone the phone and intercept calls and SMS messages, or siphon money from a user by initiating premium calls and SMS services. Once the battery app is installed the program sends the phone ads that appear in the drop down status bar of the phone at all times - whether the app is running or not. Lastly it periodically transmits changes to the user's private information and phone-hardware details to its servers.
Worse, the ad links to step-by-step instructions on how to lower your phone's security settings to install the battery utility, Brandt says. "There is no question in my mind that this technique could be used for something far more sinister than a worthless battery app."
Big Brands and Popular Games Enable Sleazy Ads
PCWorld stumbled across the Battery Doctor ad on Hasbro's free, ad-sponsored version of Scrabble. EA Mobile, which developed and maintains the Scrabble app through a licensing arrangement with Hasbro, pulled the ad after PCWorld brought it to the company's attention.
"After becoming aware of the issue, we immediately resolved it by pulling the ad," says Ben Webley, head of global in-game advertising and sponsorships for EA. "Our user experience remains of the utmost importance to EA, and every ad network we work with signs up to a strict publisher-standards agreement."
But PCWorld also found other top free Android OS games delivering similar misleading battery warnings via ads. Earlier this year the hit game Angry Birds was displaying bogus battery ads that linked to malicious apps, according to Lookout Mobile Security.
In one of the Android Market's top 35 free games, an app called Guns, users can simulate target practice by pressing a big red button that serves as the trigger. Small ads run along the bottom of the game window, nearly touching the trigger button. One of the ads we saw read 'Super charge your battery and Android'. If your trigger finger should touch the ad, up pops an image of a stop sign (see image below) with the words 'Battery Upgrade Application' followed by 'Your battery needs an update....' Tapping that ad launches the Google Market app, where you are prompted to download a free app called Android Speed Booster. The following day, the same ad directed us to another Android Market app called Droid Gear Up.
So be careful out there when you are 'mobile gaming', read the reviews first, pay close attention to the permissions that apps request!
NEWS SOURCE: Ads pushing bogus battery upgrade warnings (via) PCWorld (http://www.pcworld.com/article/241967/sleazy_ads_on_android_devices_push_bogus_battery_u pgrade_warnings.html)