January 28, 2012 | by Jamie Maltman
As a follow up to yesterday’s warning from Symantec about the threat of Android.Counterclank, Lookout Mobile Security came out with a more nuanced perspective on the Apperhand SDK central to the issue.
Unlike Symantec, they don’t go as far as to consider it malware, since it is not specifically engaging in malicious behaviour or stealing personal information, but they do consider it an aggressive form of ad network that you should think twice about permitting on your device.
They actually said that it is actually less aggressive than a similar one distributed in June 2011 that collected more private data. Apps including the Apperhand SDK do however allow for four annoying consequences that you probably didn’t expect when you downloaded the app:
- Identifying your device uniquely from its IMEI
- Potentially delivering “Push Notification” ads to the user
- Pushing their search icon onto your desktop
- Pushing their bookmarks to your browser
Remember, you are shown the permissions an app requires on installation so you can make an educated decision on whether to install. If you agree to this, you’re allowing these types of results. This case should be a good reminder to carefully consider what you’re granting them. If something looks inappropriate, research it further, or don’t download at all.
Lookout said they are continuing to monitor these trends in the app space, and are doing a good job to try and educate users about the risks. As the Android ecosystem continues to grow at its rapid pace, there will be more situations like this that find themselves on the borderline between annoying and malicious, and here at Androinica we’ll do our best to help keep you informed.