Over the past few months we’ve seen mobile ad networks adopt increasingly aggressive methods of ad delivery. At Lookout, we’ve been particularly watchful of ad networks that are capable of pushing ads to the default Android notification bar, placing generically designed icons on the mobile desktop, and changing browser settings, like bookmarks or homepage. We’ve heard directly from our users that they find these ads especially confusing because the ads are displayed outside of an application. Often these ads can be misinterpreted as malware.
To give you more insight into which ad networks are present on your device, our Lookout Labs team has released a beta version of Push Ad Detector. Push Ad Detector scans your device for the presence of a select number of ad networks that are capable of displaying out-of-app advertisements. When an ad network is detected within an app on your phone, Push Ad Detector lists the app and the ad network. We want you to be able to make an informed decision about what apps and ad networks you keep on your phone. When possible, Push Ad Detector provides an opt-out link for the ad network.
It’s also common practice for ad networks to collect personally identifiable information for use in marketing campaigns. Much like ads served by email providers or social networks, this practice helps show more personalized and relevant ads to users. However, it is often unclear to users what information is collected. In addition, there are a number of best practices to make sure that the data collection is more secure, such as using hashing to obfuscate user identities. Push Ad Detector tells you exactly what personal data is being collected, and whether it is collected securely. This release tracks six of the more aggressive ad networks out there.
Ad Networks Detected
Airpush
Appenda
LeadBolt
Moolah Media
Startapp
Tapit!
Lookout Labs began development of this product late last year, planning to launch in late February. Considering the recent stir around ad networks and the amount of confusion these ads can cause, we decided to launch a beta version of Push Ad Detector today. As with any beta product, there are a number of features that we will continue to test and build on. Push Ad Detector is a free download in the Android Market. Are you going to download it? Let us know what you think!
Last Saturday, Opscode and Lookout hosted a Chef hack day at Lookout’s new office in San Francisco. For the layperson, Chef is a tool that lets Operations Engineers automate the hard work it takes to add new backend servers to support a website or mobile app. We had a great turnout; over 75 people from the Bay Area DevOps community came together for a day filled with good food, good people, and hacking!
Throughout the day, there were a number of mini-tutorials, workshops, and brainstorming sessions about how to solve common Chef problems. A big thanks to Opscode and everyone who came out to the event, we’re so glad you could join us. We can’t wait for the next Chef Hack Day!
Today, news came out that claimed a particular family of malware, termed ‘Android.Counterclank’, had infected 5 million users. We disagree with the assessment that this is malware, although we do believe that the Apperhand SDK is an aggressive form of ad network and should be taken seriously.
This isn’t malware.
The average Android user probably doesn’t want applications that contain Apperhand on his or her phone, but we see no evidence of outright malicious behavior. In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar.
Malware is defined as software that is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud.
Apperhand doesn’t appear to be malicious, and at this point in our investigation, this is an aggressive form of an ad network – not malware.
We’re researching ad networks closely.
We spend a significant amount of time looking not just at mobile apps, but also at SDKs that are commonly integrated into apps. We’ve recently been focusing heavily on the capabilities of various mobile advertising SDKs. We believe that ad networks are important for the overall mobile ecosystem; however, some advertising networks go beyond the commonly accepted behavior of ad networks with more aggressive tactics.
This particular ad network SDK, com.apperhand, bears similarities to one previously distributed in a number of apps in June of 2011 as the “ChoopCheec platform” or “Plankton”. Early incarnations of this SDK crossed several privacy lines in the data it collected about users, but the current version does appear to have cleaned up its act somewhat. That said, the current SDK has several capabilities that are common to many ad networks:
It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
The SDK drops a search icon onto the desktop. Again, we consider it bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe. In this case, it is simply a link to a search engine.
The SDK also has the capability to push bookmarks to the browser. In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.
Of the applications that were originally identified as malicious, a subset of them have subsequently been pulled from the Android Market. However, it’s important to note that this does not include all identified applications, and reasons for removal may also include content, copyright, or other violations of the Android Market’s Terms of Service.
We’re continuing our investigation.
At this point, it appears that what we’re seeing is an example of an ad network that pushes the lines of privacy. Over the past few months we have been closely tracking this, and we are seeing a trend of this type of behavior. While this is not malware, we do think that consumers should take it seriously, and we’re actively working on a solution to help users understand whether applications have potentially undesirable behavior such as this while not creating unnecessary worry.
Lookout believes in educating our users about the apps that they’re installing. We’ll have more to share about what we’re working on in this area in the coming weeks – stay tuned.
If you have questions, please comment or write us.
How Natisha learned about Lookout: “I was browsing for apps and found Lookout. I noticed that the app was highly rated and that the reviews said it was very ‘easy-to-use.’ They were right—I’m sure glad I downloaded Lookout!”
Moral of the story:
“Lookout saved me! Lookout stopped me from downloading a bad application on my phone.”
How Lookout Saved the Day for Natisha:
“My sister and I were installing apps to our phone, and we came across a game app that we both had been interested in downloading. When I went to install the app, I immediately got a notification from Lookout, alerting me that the content I was attempting to download was from a bad source. Without a second thought I refused it. I let my sister know that the app was not safe to download, but she didn’t believe me. If she had downloaded your app, she would have been protected!”
Here at Lookout, we like to push the boundaries of mobile. That’s why we started “Lookout Labs,” an initiative that enables our team to quickly create and launch new mobile products. Many of you have already had the chance to find a lost phone with Plan B, or learn a little more about Carrier IQ with our detector app; both were concocted in Lookout Labs. Today, we’re excited to introduce our Mobile Threat Tracker: (available for download on the Android Market). This interactive app allows you to zoom through time and watch as thousands of sparks light up the globe; each spark represents Lookout blocking a threat to protect a real user. With the Lookout Mobile Threat Tracker, you can now see the threats that Lookout identifies and catches every day. This app should answer some of the questions we get all the time: “Are there really mobile threats?” “How many mobile threats are there?” “What are the most common mobile threats?”
In the Mobile Threat Tracker app, tap on the information icon to see the names of the top three trending threats. Tap on a name to learn more about that threat. This week’s top threat, RuPaidMarket, masquerades as a useful app but actually sends premium SMS messages without allowing you to opt out, or letting you know that you will be charged.
Behind the Mobile Threat Tracker
As an engineering intern at Lookout, I love reading the stories that Lookout users submit to our company. It’s pretty cool to hear how Lookout has saved the day for our users by finding their lost or stolen phone, backing up their precious data, or blocking them from downloading a malicious app. I thought it would be interesting to build an application showing the many threats that Lookout detects across the world, telling the story of these individual users at a macro level. This was the idea behind the Mobile Threat Tracker. The Mobile Threat Tracker shows a globe against a starry backdrop where each flying spark is a mobile threat we’ve detected and blocked. With a swipe of your finger, you can travel through time to see mobile threat activity, and learn more about the top threats Lookout protected against for the current week. This data is updated hourly so you can see mobile threats appear and disappear over time.
We hope you enjoy using the Mobile Threat Tracker to see the mobile threats Lookout protects against across the globe. Download the app from the Android Market today: Mobile Threat Tracker. We’d love to know your thoughts, too: feedback@mylookout[dot]com. Be sure to stay tuned for more innovative projects from Lookout Labs!
Good news T-Mobile customers! Now, rather than manually entering in credit card numbers to purchase Lookout Premium, T-Mobile customers* can simply charge Lookout Premium directly to their T-Mobile phone bill. We’re excited to offer this new service as a secure and convenient way for T-Mobile customers to pay for Lookout Premium.
In addition to all of Lookout’s free features, Premium offers comprehensive protection with:
Safe Browsing to scan every site you visit and every link you click in real-time, protecting you against the latest online threats.
Remote Lock and Wipe to secure and erase the data on your phone if it is lost or stolen.
Privacy Advisor to help you make smart choices to protect your privacy
Back up to securely back up and restore photos and call history, in addition to contacts.
Download Lookout Premium for $2.99/month or $29.99/year today!
* Limited to T-Mobile devices preloaded with Lookout
What happens in Vegas, stays in Vegas— unless it’s the ground-breaking technology put on display at the annual Consumer Electronics Show, the largest trade show in the Americas. January 10th through the 13th, industry leaders commanded the CES stage to preview their innovative products with hopes of generating a buzz that’ll go far beyond the confines of Sin City. Here’s the Lookout lowdown on the week’s festivities:
CES 2012 was the year of sleek smartphones and cutting-edge tablets amid a sea of other high IQ gadgets. Yes, the devices we’ve come to rely on for staying in touch with the world and our friends have stepped up their game considerably. So keep your eyes open for these new toys— they’ll be coming to an electronics store near you soon enough.
Smartphones
Samsung Galaxy Note: Technically a smartphone, but with its 5.3 inch HD screen it could just as easily pass as a mini tablet. The device features up to 32GB of internal memory to go along with its remarkable screen resolution.
Sony Xperia S: Out of the five smartphones Sony presented, this one takes the cake, with a 12 megapixel rear-facing camera and Near Field Communication capabilities (the technology behind mobile payments).
Motorola Droid Razr Maxx: Remember the Motorola Razr flip phone that was all the rage way back when? Just 9mm thick, the second coming makes its predecessor go dull. Already released by Verizon, the Razr Maxx is a fine choice if you’re in the market for a new smartphone.
Tablets:
Lenovo IdeaPad K2: Initially launching in China, the tablet features a finger print reader, dual speaker system and will run Android 4.0 Ice Cream Sandwich.
Acer Iconia Tab A700: With an incredibly bright and clear screen (1925 x 1200 pixels) and 9800 mAh battery, this is the perfect device to get you through long flights or road trips.
Asus MeMo: By delivering a quad-core Nvidia Tegra 3 processor into a 7-inch Android Ice Cream Sandwich tablet, the Asus device is a legitimate competitor to the Amazon Kindle Fire.
As progressive as these new devices may be, they’re not immune to the security risks of our mobile habitat. Setting passcodes, avoiding suspicious websites and downloading a mobile security product like Lookout are great ways to get peace of mind.
Who knows what’s in store for next year’s convention? My money’s on the world’s first flying smartphone.
Over the past few weeks the Carrier IQ PR firestorms has died down, and the dialog has evolved from initial speculation of a ‘rootkit’ to objective evaluations of what personal data is collected, and when. One of the most informative examples of the latter is Peter Eckersley’s December 13th overview at the EFF of Carrier IQ’s software architecture – recommended reading for more technically curious readers out there.
In developing Carrier IQ Detector, we discovered very similar results to those published by the EFF. The take-home message is that determining whether or not a device has an active instance of Carrier IQ is a very nuanced subject, with dependencies on software developed by Carrier IQ, handset manufacturers (also referred to as OEMs), mobile operators, and chipset manufacturers. After individually inspecting a number of handsets that cut across a variety of US carriers and OEMs, we decided to develop our detector to report positive detections of Carrier IQ if a single relevant file is found. This approach brings with it both an upside and downside:
Upside: It provides the broadest detection reach possible
Downside: Our detector registers the presence of Carrier IQ in some cases where the software is not active
After hearing from some of our customers that this specific nuance of the detector wasn’t clear, we’ve updated the app description to make sure this point is emphasized. Read more
2011 was truly an incredible year for mobile technology. We witnessed revolutions greatly aided by new mobile technologies and social media. We saw mobile devices transform into digital wallets and watched smartphones become even smarter with the release of the iPhone 4S and Galaxy Nexus S. But as the capabilities of smartphones grow, we will all need to work together to foster a safer mobile environment. We’ve pulled together a few New Year’s resolutions for 2012. With these simple resolutions in mind, we look forward to a bright year ahead!
Let’s foster a constructive conversation about the mobile landscape.
Threat statistics can be informative, they provide mobile users valuable knowledge about fraud practices on the rise and commonly exploited security loopholes. However, sounding a constant alarm that threats have increased by hundreds of percentages without providing the right level of context isn’t extremely helpful. In the PC industry, security companies often promote the need for antivirus protection by creating anxiety among their users. Let’s not do the same in mobile security. Instead, we can provide data-driven guidance so users can understand and avoid specific risks. We owe it to our users and to other companies in the mobile industry to help them understand threats and what they can do to stay safe, not just to keep them on their toes. We can all be prepared without being scared.
Our resolution: We will regularly share threat information and security trends in a constructive manner, avoiding the unnecessary creation of FUD among mobile users.
Let’s stop stating that the App Store is a silver bullet to secure iOS and that the openness of Android makes it a magnet for malware. No single operating system is immune to security threats.
Both the Android and Apple operating systems are exposed to mobile threats; currently, we are just seeing different threats targeting each platform. Android’s open architecture and distribution system may offer a few more “on-ramps” to threats, but both the Android and Apple operating systems are exposed to web-based threats and software vulnerabilities. Both platforms are rapidly growing and both face distinct security challenges. It’s a potentially dangerous fallacy to believe that any mobile platform is impervious to threats. Whether by net or by harpoon, malware developers are out to catch anything they can.
Our resolution: We will continue to uncover and obstruct the largest security threats facing the mobile user, wherever they emerge.
Let’s work together to get security patches to users more quickly.
When preventable fraud is freely circulating among mobile users, time is money – often the mobile users’ money. As an industry, we need to accelerate our response to known threats, both in the creation and distribution of security measures. There is opportunity for improvement among device manufacturers, carriers, software providers and other members of the mobile ecosystem. Device manufacturers have taken many months to patch known bugs, and due to the complexity of the patching process, some Android devices don’t even receive patches that Google makes available. It’s not an easy problem to solve. But it’s important, especially as mobile threats grow in their ability to cause damage. Google has made strides in requiring 18-month release windows and Apple has added over-the-air updates to iOS 5, but there is still more we all can do to make sure that the device in your pocket or purse is as secure as possible.
Our resolution: We will work even more closely with carriers, device manufacturers and app distributors to inform them of specific threats and do all we can to facilitate rapid response to mobile users.
In the coming year, we hope to see these mobile industry resolutions become realities.
If you are one of the 6.8 million people who activated a new Android or iOS device on Christmas Day, we hope you are enjoying your new smartphone or tablet.
You’ve probably already hooked up your email, Facebook and Twitter accounts and sent plenty of text messages. So what’s next? Here’s a quick checklist to make sure you aren’t forgetting anything to set up and secure your new device:
Download a mobile security app (would you expect our first tip to be anything else?): Whether your new phone or tablet was a gift from your family or from yourself, protect your investment! Lookout will help you keep your device safe by protecting it from mobile threats, backing up your precious data, and helping you locate your device if it is lost or stolen. So before you download any other apps, download Lookout!
Set a passcode: While it may seem like a hassle to unlock your device every time you use it, this is your first line of defense if your phone or tablet is ever lost or stolen. And it will keep you from butt-dialing any of your contacts.
Set up your voicemail: This is easy to overlook when you are setting up your phone, but even if you don’t personalize your greeting, make sure you set a passcode so that no one can access your voicemails besides you. Just go into the Voicemail app on your phone and follow the insrtuctions to change your greeting. To change your password on iOS go into Settings > Phone > Change Voicemail Password. On Android, go into Voicemail > Menu > Settings > Personalize voicemail.
Make sure your software is up to date: When you get a notification that there is a new software update available for Android or iOS, download it as soon as possible so that your device receives the latest feature and security updates.
Start downloading apps! One of the best parts of having a smartphone is having access to thousands of apps. They will help you take notes, snap pictures, find daily deals and pass the time – so browse through the Android Market or App Store and find your favorites.
Once you complete these 5 steps, you can search for apps, surf the web and browse social networks with confidence, knowing that your data and shiny new device are protected.
For extra protection, you can upgrade to Lookout Premium for Android for $29.99/year or $2.99/month. If you upgrade between now and Dec 31st, we will donate $5 of your Premium subscription to Room to Read!
About this blog
This is the official blog of Lookout, a mobile security company in San Francisco. Find out more about us or our product.
Download Free
Learn More
To give you more insight into which ad networks are present on your device, our Lookout Labs team has released a beta version of Push Ad Detector. Push Ad Detector scans your device for the presence of a select number of ad networks that are capable of displaying out-of-app advertisements. When an ad network is detected within an app on your phone, Push Ad Detector lists the app and the ad network. We want you to be able to make an informed decision about what apps and ad networks you keep on your phone. When possible, Push Ad Detector provides an opt-out link for the ad network.
Ad Networks Detected
This interactive app allows you to zoom through time and watch as thousands of sparks light up the globe; each spark represents Lookout blocking a threat to protect a real user. With the Lookout Mobile Threat Tracker, you can now see the threats that Lookout identifies and catches every day. This app should answer some of the questions we get all the time: “Are there really mobile threats?” “How many mobile threats are there?” “What are the most common mobile threats?”
backing up their precious data, or blocking them from downloading a malicious app. I thought it would be interesting to build an application showing the many threats that Lookout detects across the world, telling the story of these individual users at a macro level. This was the idea behind the Mobile Threat Tracker. The Mobile Threat Tracker shows a globe against a starry backdrop where each flying spark is a mobile threat we’ve detected and blocked. With a swipe of your finger, you can travel through time to see mobile threat activity, and learn more about the top threats 
© 2012 Lookout, Inc. All rights reserved. Patents pending.