Symantec recently reported that 23.8% of all Google Play apps are potentially malicious -- up from 15% a year earlier....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Big Yellow specifically referred to something called madware -- can you please explain what this is and the threats it poses?
Symantec Corp.'s Mobile Adware and Malware Analysis report from October 2013 documented the mobile application security threat of malicious ad libraries in the Android ecosystem. According to Symantec, madware refers to "apps that use aggressive ad libraries."
An advertising library is software that can be used to display advertisements from various sources, usually Internet ad networks. While most ad networks are benign, some are quite aggressive, mining users' sensitive information and asserting other privileges on a device, unbeknownst to the user. Android, along with other platforms, has a plethora of mobile apps that use advertising libraries to not only reduce the apps' development costs, but also monetize the free apps by including ads within them. Using third-party software libraries that are maintained by other developers allows a developer to focus on its application and minimize the time spent including ads in the app -- this is a very common practice in all areas of software development. However, it is quite possible that software developers do not know how aggressive the ad library is, nor the impact it will have on users.
Many people erroneously assume that the Google Play and Apple stores screen for potentially malicious apps that might violate their privacy policies or make their device insecure. The same assumption could be made of the software developers. Unfortunately, many times neither happens.
While the security threat to enterprises is currently minimal (according to Symantec, the malware it observed collects user data for the purpose of displaying targeted ads), madware could certainly be a precursor to future apps stealing sensitive data via third-party libraries. To best reduce the risk from madware, enterprises should create a custom enterprise app store where each app has been independently vetted and approved before being made available to employees. Furthermore, enterprise policy should make it clear that apps on company-owned devices should come from the app store, as should apps on any personally owned devices that access sensitive enterprise data.
Ask the Expert
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.