Safeguard your phone from Push Ad
Release Date: 29 Aug 2012
4310 Views
In the previous article "Risk Implications of Push Ad in Android system", we have analyzed the security problems brought by "push ad". We may try the following measures to solve the problems.
1. Use official app stores
According to reports from different sources, most of the malwares are found in unofficial markets. Although you may find some of the apps appear in both official and unofficial markets, malware writers are capable to re-package apps with injected malicious codes, and release the apps in the unofficial markets. To safeguard your phone, you should download the apps from the official app stores only.
Fig 1. Google official application market "Play Store"
In February 2012, Google launched a service called Bouncer on its official Play Store. Bouncer automatically scans the apps uploaded for malware detection, which decreases the number of malwares appeared in the Play Store effectively. Besides, Google can remotely remove malware apps from users’ phones. Therefore, using official markets can provide us a secure and safe environment.
For more information about Bouncer, refer to:
2. Be aware of apps permission
Whenever downloading and installing a new app, we should be aware of its permission of usage. Most of the apps which consist of "push ad" or malicious code usually require a lot of permissions. Before installing an app, we should pay more attention on the circumstances of over permission.
Fig 2. Installing an app, user is required to accept the permissions of usage.
In addition, we have to pay attention on apps update. When updating apps through official Play Store, the apps will make comparison between new and previous permission; and will also alert users for any permission change by requiring users to perform "manual update".
Below are some higher-risk permissions :
Cost money
Directly call phone numbers (CALL_PHONE)
Send SMS messages (SEND_SMS)
System tools
Automatically start at boot (RECEIVE_BOOT_COMPLETED)
Retrieve running applications (GET_TASKS)
Modify global system settings (WRITE_SETTING)
Phone calls
Read phone state and identity (READ_PHONE_STATE)
Monitor, modify, or abort outgoing calls. (PROCESS_OUTGOING_CALLS)
Personal Info
Read contact data (READ_CONTACTS)
Write contact data (WRITE_CONTACTS)
Read Browser’s history and bookmarks (READ_HISTORY_BOOKMARKS)
Write Browser’s history and bookmarks (WRITE_HISTORY_BOOKMARKS)
3. Install trusted security apps
A good mobile security app can effectively scan as well as detect apps which contain malicious code and "push ad". It can also help distinguishing if the apps are safe and thus keeping the phone in a good environment.
Besides scanning and detecting malware apps, many mobile security apps also provide security features, including privacy explorer, secure web browsing, data backup, locating lost phone, and data remote wipe, etc.
Fig 3. Anti-malware and mobile security tools for Android
4. Use Ad / Add-on detector
When you receive "push ad" but not knowing which app they are derived from, Ad / Add-on detector can help. Ad / Add-on detector can scan your phone and detect the apps which contain advertisement add-on and generate "push ad". Besides auto scanning function, some add-on detectors can monitor and record the action of your notification bar. By checking the records, users can accurately find out which apps generated the notification message.
Fig 4. Ad / Add-on Detector for Android
New features in Android 4.1 Jelly Bean
If your phone is already using Android 4.1 system, it is even more effective to block unwanted notification message. "Show Notification" is a built-in feature of Android 4.1 system which enable suppression of notification by uncheck the "Show Notification" in the particular App Info. (Fig 5)
Fig 5. "Show Notification" Option
If there is an unknown notification message and it is not sure which app it is derived from, you may long press on that notification message, and pop-up option "App Info" will be shown. By entering the "App Info", you can find out which app derive the notification. It is very convenient to get the app information and stop the respective notification. (Fig 6)
Fig 6. Long press on the notification message, "App Info" option shows
Google new policy, stop inappropriate activity in advertising
Google has updated Google Play Developer Program Policy in August 2012. The updates covered app naming, app icon, payment, privacy, spam email and advertisement, etc. The aim of the updates is to stop inappropriate activity in advertising. Any existing applications discovered in violating of the policy may be subjected to warning or removal from Google Play.
For more information about Google Play Developer Program Policy, refer to http://play.google.com/about/developer-content-policy.html
Share with