Symantec recently reported that 23.8% of all Google Play apps are potentially malicious -- up from 15% a year earlier....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Big Yellow specifically referred to something called madware -- can you please explain what this is and the threats it poses?
Symantec Corp.'s Mobile Adware and Malware Analysis report from October 2013 documented the mobile application security threat of malicious ad libraries in the Android ecosystem. According to Symantec, madware refers to "apps that use aggressive ad libraries."
An advertising library is software that can be used to display advertisements from various sources, usually Internet ad networks. While most ad networks are benign, some are quite aggressive, mining users' sensitive information and asserting other privileges on a device, unbeknownst to the user. Android, along with other platforms, has a plethora of mobile apps that use advertising libraries to not only reduce the apps' development costs, but also monetize the free apps by including ads within them. Using third-party software libraries that are maintained by other developers allows a developer to focus on its application and minimize the time spent including ads in the app -- this is a very common practice in all areas of software development. However, it is quite possible that software developers do not know how aggressive the ad library is, nor the impact it will have on users.
Many people erroneously assume that the Google Play and Apple stores screen for potentially malicious apps that might violate their privacy policies or make their device insecure. The same assumption could be made of the software developers. Unfortunately, many times neither happens.
While the security threat to enterprises is currently minimal (according to Symantec, the malware it observed collects user data for the purpose of displaying targeted ads), madware could certainly be a precursor to future apps stealing sensitive data via third-party libraries. To best reduce the risk from madware, enterprises should create a custom enterprise app store where each app has been independently vetted and approved before being made available to employees. Furthermore, enterprise policy should make it clear that apps on company-owned devices should come from the app store, as should apps on any personally owned devices that access sensitive enterprise data.
Ask the Expert
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
IP devices like multifunction printers and faxes may be an attack vector. Expert Nick Lewis explains the vulnerabilities, and how to secure them ...continue reading
AceDeceiver is a Trojan that can install itself on iOS devices without any certificates. Expert Nick Lewis explains how it works, and how enterprises...continue reading
USB Thief, a new type of stealth malware, leaves no trace on air-gapped targets. Expert Nick Lewis explains how the malware works and how enterprises...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.