Sign up to our newsletter
The latest security news direct to your inbox
Even if you’re not an Android user you may have heard the loud cries of “foul” over Google’s recent removal of ad-blocking apps from the official Android store, Google Play. What you might not realize is the potential increase in risk resulting from this action.
In recent years, millions of people who use Android devices have downloaded apps that enable some ads to be blocked. Google seems to have decided this was not a good thing and took action to make such apps harder to find and install, effectively banning them from the official Google Play store. This action was reported by PCMag and Android Police and backed up by statements from some of the app developers affected, such as Adblock Plus. As far as we know, there has not been any formal statement by Google about this, but the notifications received by developers were very formal:
REASON FOR REMOVAL: Violation of section 4.4 of the Developer Distribution Agreement.
After a regular review we have determined that your app interferes with or accesses another service or product in an unauthorized manner. This violates the provision of your agreement with Google referred to above.
If you are interested, the full Developer Distribution Agreement is online. When you read it you can see that Google was within its rights to take the action. Consider this, if you create a cool website offering valuable information funded by selling ads on the site, but I help people to get that information without seeing those ads, I am clearly are interfering with your business. But the manner in which this apparent ban on ad-blockers was introduced, without any public announcement, produced a lot of speculation as to the logic behind it. Was it due to security issues surrounding the way these apps work? Was it just because Google is greedy for every last penny of ad revenue?
So let’s skip the wild speculation and go straight to what we do know: this action will cause some Android users to seek out ad-blocking apps at unofficial Android stores. And that is where you find the risk that concerns us. Despite the best of intentions, all sources of Android apps, Google Play included, currently struggle to keep out malicious apps. That free ad-blocker you want might just come with a whole lot of extra code that will try to do things you don’t want, like sign you up for premium rate SMS services.
Of course, some experienced and tech-savvy Android users will tell you that this is not a problem, as long as you use common sense and do not grant excess privileges to the apps you install. Indeed, a lot of Android fans told my colleague Stephen Cobb exactly that when his remarks about Android security appeared recently. But when an NBC reporter went to a college campus and asked smartphone users if they had considered this possibility, a lot of them said they had not. That is scary.
The fact is, in the age of connectivity, we all have a responsibility to keep our connected devices healthy. Your friend’s friend who sideloads an infected app onto his Android today could find that app is posting a scam link on your friend’s Facebook page tomorrow, a link that you fell for because it came from a friend. Unless you are positive that you know what you are doing, don’t stray from the Google Play store. And even there, when you pick a new app, read all that stuff it asks you before you agree to install it. And if don’t like Google blocking ad-blockers, ask them why they did it.
Author Cameron Camp, ESET