Wednesday, 21 March 2012

Targeted adverts strip your privacy

Targeted advertising walks a fine line between being useful and being creepy. As I wrote a while back, one close experience of targeted advertising raised my hackles and I imagine the same goes for others too.

Now it seems that adverts served from Android apps could be even more intrusive than those found on some websites.

Bit9 has written an article about how this can compromise both your privacy and even your device. Summarising a paper by Xuxian Jiang, the piece notes that adverts sometimes track users' GPS coordinates, while one particularly insidious example could be controlled remotely.
"The most concerning factor was the unsafe fetching and loading of dynamic code without user permission or control. Out of these ad libraries, 48,319 tracked GPS location; 18,575 tracked the identity of the phone; and 4,190 let advertisers track users via GPS. Not only were these apps pulling information like GPS/location data, but they were also attributed with aggregating personal information, call logs, account information, and phone numbers. One actually downloaded suspicious payloads, which allowed the host app to be remotely controlled by the ad in question."
The paper itself summarises the functions available in a number of ad libraries, which app developers can embed into their programs. Some are able to initiate phone calls, send text messages and even load classes. The vast majority were capable of reading the device's location data (i.e. GPS coordinates).

I am sure that some companies will be able to work out how to provide a useful targeted advertising service. I'm just yet to see one.