The mobile advertising libraries that developers use to track behavior patterns and generate revenue are a potentially serious threat to the security of smartphone- and tablet-equipped businesses, according to a report released yesterday by Mojave Networks.
The startup, which offers a cloud-based mobile security service for businesses, performed an analysis of 11 million URLs contacted by apps on its customers’ devices. It found that major ad networks like AdMob and Flurry persistently “leaked” private information, including lists of installed apps, geolocation data, zip codes, device IDs, and even browser histories – and that nearly two-thirds of apps downloaded by customers tried to contact such a network.
It’s a big issue, wrote lead threat engineer Ryan Smith in a blog post, because of a lack of transparency. It’s frequently not apparent which apps use which ad libraries – many of which, he notes, are perfectly safe - which means that users often can’t be sure who exactly is getting access to their information.
“Unfortunately, when you give permission to an app to access your private or sensitive data, you’re also giving access to each of the included libraries and their author(s), whether you know it or not,” he wrote. “This is like entrusting your house keys to your teenage child for the weekend, only to have them immediately make copies for their friends, unbeknownst to you.”
Business users and consumers were equally likely to install apps that exposed private personal or corporate information to outsiders, Smith added, making the issue critical to enterprise security. It’s vital for businesses to keep an eye on these libraries, in order to safeguard sensitive data.