Symantec recently reported that 23.8% of all Google Play apps are potentially malicious -- up from 15% a year earlier....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Big Yellow specifically referred to something called madware -- can you please explain what this is and the threats it poses?
Symantec Corp.'s Mobile Adware and Malware Analysis report from October 2013 documented the mobile application security threat of malicious ad libraries in the Android ecosystem. According to Symantec, madware refers to "apps that use aggressive ad libraries."
An advertising library is software that can be used to display advertisements from various sources, usually Internet ad networks. While most ad networks are benign, some are quite aggressive, mining users' sensitive information and asserting other privileges on a device, unbeknownst to the user. Android, along with other platforms, has a plethora of mobile apps that use advertising libraries to not only reduce the apps' development costs, but also monetize the free apps by including ads within them. Using third-party software libraries that are maintained by other developers allows a developer to focus on its application and minimize the time spent including ads in the app -- this is a very common practice in all areas of software development. However, it is quite possible that software developers do not know how aggressive the ad library is, nor the impact it will have on users.
Many people erroneously assume that the Google Play and Apple stores screen for potentially malicious apps that might violate their privacy policies or make their device insecure. The same assumption could be made of the software developers. Unfortunately, many times neither happens.
While the security threat to enterprises is currently minimal (according to Symantec, the malware it observed collects user data for the purpose of displaying targeted ads), madware could certainly be a precursor to future apps stealing sensitive data via third-party libraries. To best reduce the risk from madware, enterprises should create a custom enterprise app store where each app has been independently vetted and approved before being made available to employees. Furthermore, enterprise policy should make it clear that apps on company-owned devices should come from the app store, as should apps on any personally owned devices that access sensitive enterprise data.
Ask the Expert
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that ...continue reading
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.