Downloading apps carries a risk

In February, cellphone users in the United States passed a defining threshold:

Half of all mobile subscribers - 49.7 percent according to Nielsen research - now own smartphones, compared to 36 percent at the same time last year. That rapid growth means more people than ever have access to a growing library of paid and free applications that can entertain, educate and keep us connected to the world.

But these applications, and the advertising contained inside, also carry risks. And a growing body of research suggests the hidden costs - both in terms of security and performance - can be significant.

Researchers at North Carolina State University, for example, examined 100,000 apps in the Google Play market to learn more about the advertising embedded in the programs. These ad libraries, which run alongside content, allow developers to earn money even when the app is free.

They found that most of these ad libraries accessed private information, like GPS location, through the phone. They reasoned that such information could be used to create more targeted promotions.

But about 5 percent of these apps allowed advertising to access other data, such as call logs, browser bookmarks and lists of other installed apps.

A much smaller percentage of the worst offenders used ad libraries with the ability to grab and run code downloaded from the Internet - a potential backdoor for malicious code.

Xuxian Jiang, an assistant professor of computer science at NCSU and co-author of the findings, said privacy and security are the two main concerns for consumers downloading mobile apps.

"Privacy risks are about stealthily collecting personal information and sending them off the phone," Jiang said in an email. "Security risks really come from those malicious apps that compromise the phone integrity and do some nasty things."

While markets like Google's Play and Apple's App Store screen out most unsafe applications, Jiang said, he doesn't think developers are doing enough to educate consumers.

"A significant portion of apps do not explain or justify why certain types of personal information are needed," Jiang said.

But there is an important step smartphone owners can take to protect themselves: Apps require permission to access personal information stored on the phone, and these are the same permissions the ad libraries that Jiang's team studied can potentially abuse.

"There is a need to look carefully at those permissions being requested by the app," Jiang said. "Also, if possible, only download apps from trusted stores, and examine those ratings."

Security and privacy aren't the only areas where smartphone users should be focused. Researchers at Purdue University have found that in-app advertising - and not just the applications themselves - also can be a serious drain on a device's battery life.

Using an energy-profiling tool the researchers created called eprof, they found that advertising gobbles up 65 percent to 75 percent of the energy used by popular free applications.

According to Abhinav Pathak, a doctoral student at Purdue and co-author of the findings, the team hopes to use eprof to create a better way for consumers to educate themselves about the power consumption of the apps they download.

In the meantime, there are a few ways users can improve battery performance, like turning off 3G and GPS or dimming the screen. But Pathak points out there's only so much users can do.

"The onus of energy saving lies in the hands of the developer and not the user," Pathak said in an email. "It should be the developer who should be worried about the energy drain."

Fixing these advertising problems may be a tall order. But with more research attention and a rapidly expanding user base, the pressure hopefully will be enough to persuade developers to build a better download.

Hide Comments


Loading comments...
Hide Comments