Ecomonic Times: A team of security researchers led by North Carolina State University associate professor Xuxian Jiang is warning that even if a mobile app is secure, the ad networks it uses may not be. Examining 100,000 apps from the Google Play app store, the researchers found that 48,139 of the apps had ad libraries that tracked a users' locations via GPS, a fact which users might find troubling. In addition, 297 of the apps posed a more serious security risk because they included aggressive ad libraries that download and run code from remote servers. "Running code downloaded from the Internet is problematic because the code could be anything," explained Jiang. "For example, it could potentially launch a 'root exploit' attack to take control of your phone, as demonstrated in a recently discovered piece of Android malware called RootSmart."
The team will present their findings April 17 at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson.