Bitdefender has found that 90 percent of free Android apps harbour adware, with aggressive adware peaking at around 75 percent of worldwide analysed apps in July 2012. Adware also continues to dominate Bitdefender’s UK detection charts.
While regular adware is usually limited to pop-ups, apps bundled with aggressive adware are creating shortcuts on a user’s screen, changing default search engine settings and even pushing notifications to the Android notification tray – often causing performance degradation.
“Aggressive adware was once limited to desktop and laptop computers but the latest findings from the Bitdefender Labs suggest the same scenario is playing out in the mobile device landscape,” said Catalin Cosoi, Chief Security Researcher at Bitdefender. “Android’s permission system includes no details about adware or the resources it might access, making it hard for users to spot aggressive adware behaviour until the app has been installed or an antivirus solution has flagged it.”
As detected by the Bitdefender Labs, the most popular app that includes aggressive adware is Ant Smasher, with more than 50 million installs from Google’s marketplace. On third-party marketplaces, it contains aggressive adware that could affect the overall performance of both the game and the device.
Another example of a Google Play app with aggressive adware is Galaxy S3 Go Launcher Ex. With more than 500,000 installs, the app is supposed to install a theme pack that will turn a user’s home screen into a Galaxy S3 look-alike. However, additional home screen shortcuts along with changing default search engine settings turn it into an example of aggressive adware.
Variants of adware-bundled Network Signal Booster were also found on third-party marketplaces, bombarding users with unsolicited ads and messages. Having around 1 million installs in Google Play, the app is clearly used by many on a regular basis.
The number one detection in the UK is classified as Android.Adware.Mulad.A by the Bitdefender Labs. Aggressive adware such as this is usually bundled with a variety of apps, and it usually means that more than one adware framework is used.
Most developers make use of such frameworks because they are fully customisable and easy to integrate with any app.
The Adware.Mulad family is prolific in the UK, as Android.Adware.Mulad.A alone had a 30.63 percent detection rate in August. Interestingly, Android.Trojan.FakeDoc.A ranked second, with a 14.18 percent detection rate. Known as “Battery Doctor,” the Trojan intercepts emails and SMS messages and broadcasts them to an attacker-controlled server, without users’ knowledge.