As many as half the apps in the Google Play market could be risking users' security and privacy.
Researchers from North Carolina State University examined 100,000 apps in the official Google Play market, and found that more than half contained so-called ad libraries.
And, they say, 297 of these apps included aggressive ad libraries that were enabled to download and run code from remote servers, placing users at risk of malware.
"Running code downloaded from the internet is problematic because the code,tly the same permissions that the user granted to the app itself when it was installed.
Jiang’s team found that almost half of the apps had ad libraries that tracked a user’s location via GPS - presumably to allow an ad library to better target ads to the user. However, 4,190 apps used ad libraries that also allowed advertisers themselves to access a user’s location via GPS.
Some ad libraries were accessing call logs, user phone numbers and lists of all the apps a user has stored on his or her phone.
And, sat the researchers, these ad libraries offer a way for third parties – including hackers – to download harmful or invasive code.
"To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don’t have the same permissions," says Jiang.
"The current model of directly embedding ad libraries in mobile apps does make it convenient for app developers, but also fundamentally introduces privacy and security risks. The best solution would be for Google, Apple and other mobile platform providers to take the lead in providing effective ad-isolation mechanisms."