Sleazy Ads on Android Devices Push Bogus ‘Battery Upgrade’ Warnings

Scareware has destroyed mobile: Users of Android devices are starting to project punk ads warning that they need to upgrade their device's battery. The supposed battery-saver apps that those ads prod you to download, however, could endanger your privacy or siphon money from your wallet–and generally they'll do aught to improve your gadget's battery life history, security experts say.

In some cases you don't even require to agree to download the apps. For example, PCWorld patterned one ad along an Android phone for A battery utility called Battery Upgrade. Tapping the ad–even by accident–launches the phone's Browser, which mechanically initiates the download of the app's installer file on the Android device.

"These ads cross a line," says Andrew Willy Brandt, director of threat inquiry for Solera Networks. IT's ane affair to market a worthless battery app, he says, but some other to scare or trick populate into installment a syllabu they don't need.

The ads are similar to scareware marketing tactics that suffer appeared connected PCs: Such ads pop up happening desktops or laptops, warning that your computing device is infected and advising you to download a program to fix the problem. In many cases those rogue system utilities and antivirus products are merely disguises for software that spies on users.

Why use battery ads as a stratagem? They tap into a commons anxiety, Willy Brandt says. Phone users aren't yet concerned about viruses connected their phones, simply they are worried most their battery being sucked dry.

Privacy-Busting Battery App

This ad popped finished when we tapped on an adver displayed in the Mechanical man adaptation of the game Scrabble. The installer program for the app, Shelling Raise, downloaded automatically.

Brandt says that one Android battery app, called both Assault and battery Doctor and Battery Upgrade, is particularly problematic: Not only does information technology non upgrade a battery Oregon extend a charge, but when information technology's installed and unfastened, it harvests the phone's address book, the phone number, the user's name and email speech, and the call up's unique identifying IMEI number. With a phone user's name, IMEI, and wireless account information, an attacker could clone the sound and intercept calls and SMS messages, OR siphon off money from a exploiter past initiating premium calls and SMS services. Once the battery app is installed the program sends the phone ads that appear in the cast off down status block u of the phone at all times – whether the app is running or not. Lastly it sporadically transmits changes to the user's private information and telephone-computer hardware details to its servers.

Worsened, the ad golf links to in small stages instructions on how to lower your phone's security measures settings to instal the barrage utility, Brandt says. "There is no question in my mind that this technique could be used for something far more sinister than a unworthy battery app."

What do the makers of Battery Doctor/Battery Upgrade consume to say about their apps? We couldn't find them. Zero get through information for the publishers appears inside the app itself. The domain that hosts the ad and download was recorded through a service of process that shields the owners' contact information.

Big Brands and Popular Games Enable Sleazy Ads

PCWorld stumbled crosswise the Battery Doctor ad along Hasbro's free, ad-sponsored version of Grope for. EA Mobile, which matured and maintains the Scrabble app through a licensing arrangement with Hasbro, pulled the ad after PCWorld brought IT to the company's attention.

"Later on seemly aware of the issue, we immediately resolved it by pull the advertisement," says Ben Webley, head of world in-game advertising and sponsorships for Ea. "Our user know remains of the utmost importance to EA, and every ad network we work with signs upbound to a strict publisher-standards agreement."

But PCWorld also found early top free Humanoid OS games delivering similar misleading battery warnings via ads. Earlier this year the remov game Provoked Birds was displaying bogus battery ads that linked to vixenish apps, according to Lookout Seaborne Surety.

The ad in the bring dow-right corner of the game Guns joined to an ad that claimed the phone's shelling needful an update.

In one of the Android Food market's upper 35 non-slave games, an app called Guns, users can simulate target practice by pressing a big violent button that serves atomic number 3 the trigger. Small ads run along the bottom of the game window, nearly touching the set off button. Unitary of the ads we saw say 'Super charge your assault and battery and Android'. If your trigger finger should touch the ad, up pops an image of a stop sign (get word paradigm below) with the words 'Assault and battery Upgrade Application' followed by 'Your battery necessarily an update….' Tapping that anno Domini launches the Google Market app, where you are prompted to download a free app called Android Stop number Booster. The following day, the same ad directed us to another Humanoid Market app titled Droid Gear Up.

This adver popped up when we tapped on an ad displayed in the Mechanical man version of the gage Guns.

We time-tested to contact the developer of Android Speed Booster victimisation the email address in the Android Market listing for the political platform. We received a "delivery unsuccessful" message.

Earlier this year some unsuspicious Android users heeded battery-conservation ads and downloaded an Mechanical man Trojan horse program called Battery Saver (security experts know the malware by the make GGTracker).

Kevin Mahaffey, Lookout's cofounder, says that battery ads on the spunky Angry Birds pointed to an app in Google's Android Market that, when installed, tried to charge users $10 a month by sneakily sending out premium text messages via the customer's phone.

Malicious hackers ilk to target phones because they provide a direct reward, Mahaffey says. "As opposed to your PC, a phone has a singular connection to a payment system (through your radio set carrier). When hackers have taken over a phone, that's the best matter they try to exploit," he says. With control of your phone, hackers rear end make premium 900-service calls Oregon send agiotage text messages that put money directly in their pockets.

Android Is a Target

Security firm McAfee says that malware targets the Android Operating system disproportionately because IT's the largest mobile platform in the world. In a 2011 report, McAfee says that malware targeting Android phones jumped 76 percent from the previous quarter (PDF).

Luckily, the numbers of hoi polloi who have been right away affected away airborne malware are ease undersized: about 2 percent of U.S. Mechanical man users and 5 percent international, according to Watch's Numbers.

Responsibility for his character of aggressive selling–or scareware–may lie i with unscrupulous advertisers crossing a run along. According to Mason Sixpence, a mobile ad broker with Green Fin Media, app developers potty pay a commission of $1 to $3 per download of their app. The goal for dodgy advertisers, Tanner says, is to get you to install that app by any agency possible.

"There is no grey area when it comes to pushing a download onto a device without a user's consent," he says. "It's wrong."

Joe Laszlo, a voice for the Reciprocal Advertizing Chest, says mobile advertising is still relatively inexperient, and numerous companies that broker ads are still stressful to figure verboten how to screen the bad actors. "Thither are no lesser standards for mobile ads," Laszlo notes. "Ads that are deceptive and fraudulent are no good, whether it's on a desktop Browser or mobile device."

5 Safe-Phone Tips

Hither are five precautions that you can take to keep mobile malware inactive your phone.

1. Beryllium suspicious of messages that crop up connected your phone and arrogate you need to update the device's software package. When in doubt, call your wireless carrier and deman if you really need a patch or update.

2. Download mobile security measur trade protection. Lookout Mobile Security measures is a good free app; AVG Antivirus offers Anti-Computer virus Unimprisoned and Norton has Norton Mobile Security department. (See related: Protect Your Android Phone with Protection Apps)

3. Pay finish care to the permissions that apps request. Google's Android Market breaks down exactly what each app wants to access on your phone. If a ticktacktoo secret plan wants to read your phone's contacts, for instance, be shady.

4. Read app reviews carefully, and consider the app's star rating and how many people have downloaded it. Be suspicious of 3rd-party app stores that offer paid apps for escaped.

5. Watch for signs that your phone English hawthorn be infected. If you see that your phone has sent text messages operating room netmail, or situated calls that you didn't initiate, your phone is probably compromised.

Source: https://www.pcworld.com/article/477406/sleazy_ads_on_android_devices_push_bogus_battery_upgrade_warnings.html

Posted by: butleradaines.blogspot.com

Share this post