An easy attack vector for threat actors is malicious or simply misleading advertising on mobile applications. For this reason, it is key that companies and their security teams focus on stopping sources of malicious advertising. A new security blog post from Google seems to show an understanding of this. The post, written by
The post qualifies disruptive ads via the following definition:
We define disruptive ads as ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of device functions. While they can occur in-app, one form of disruptive ads we’ve seen on the rise is something we call out-of-context ads, which is when malicious developers serve ads on a mobile device when the user is not actually active in their app.
According to Bjorke, Google has implemented a machine-learning-based approach to determine which ads may be malicious or misleading in an application. The result of this recent development is roughly 600 apps being booted out of the Google Play Store for hosting disruptive ads.
The post also states what Google plans to do in the future to further protect against such apps entering its Play Store:
As we move forward, we will continue to invest in new technologies to detect and prevent emerging threats that can generate invalid traffic, including disruptive ads, and to find more ways to adapt and evolve our platform and ecosystem policies to ensure that users and advertisers are protected from bad behavior.
While the statement is quite vague, it is hopefully indicative of Google’s actual policy going forward. Problems with the Play Store have been detailed on TechGenix many times, and it has been a haven for malicious applications of all kinds. If the company wishes to keep any sense of customer loyalty, following through on these words is the only way forward.
If this proves to be lip service, hey, at least there is always F-Droid.