Security firm aims to stamp out 'aggressive' mobile-app ads
Lookout threatens to paste the "adware" label on ad networks that lack privacy policies or fail to allow users to opt out of ad-forced changes to phone settings.
Have you ever downloaded a free mobile app and then noticed an ad invading your phone's notification bar? That's an example of aggressive advertising, a trend that mobile security firm Lookout is trying to squelch with the release on Monday of app ad guidelines.
Lookout's Mobile App Advertising Guidelines are designed to encourage ad networks and app developers to improve their privacy practices. If reckless mobile ad practices continue, apps risk being labeled as adware by Lookout. Worse, the industry could face regulation, says Lookout Chief Technology Officer Kevin Mahaffey.
"I think we can solve this problem through app developers and ad providers agreeing on the standards. I don't think there is widespread malicious intent," he said in an interview with CNET. "I think there are a lot of unknowns about what is acceptable behavior.... We want to fix this problem before it gets so big that it needs regulation."
More than five percent of free apps in the Android market include aggressive ad networks, affecting an estimated 80 million downloads, Mahaffey said. In addition to ads unknowingly installed in the notification bar and unwanted bookmarks that lead to ads, other obnoxious ad practices include adding ad-related icons to the home screen and sending the user's e-mail address or phone number to a server without notifying the user that personally identifiable information will be accessed.
The aggressive advertising behavior is primarily seen on Android phones as opposed to Apple's iPhone, largely because Android's open platform gives developers more freedom to tweak operating system functions and other settings.
Lookout's Mobile App Advertising Guidelines will require ad providers to:
- provide comprehensive and readable privacy policies and FAQs that app developers can integrate into their apps
- give users the ability to either opt in or opt out of having the ad network access personal information like phone number, e-mail address or name
- offer the ability to opt in or opt out of ad-related changes such as browser and home screen settings modified and specify which app is responsible for ads that appear outside of the app, such as in the notifications bar
- replace permanent device identifiers with temporary identifiers that still allow for targeted advertising but without revealing excessive information
- avoid collecting device identifiers that are tied to mobile subscriber IDs unless necessary to provide a service or feature
- encrypt personal information sent back to the server
Apps are supposed to have privacy policies, at a minimum. California's State Attorney General Kamala Harris is extending the state's strong online privacy act to mobile apps and has. Despite that announcement in February, many apps still don't have privacy policies yet, according to Lookout.
Lookout hasn't yet said when it will begin warning users about overly aggressive ad networks, though the company is exploring different ways of notifying people. For instance, people who have the mobile Lookout app installed could receive an alert that warns them when they install an app that has aggressive ad behavior, Mahaffey said.
In the meantime, there are apps that can help users figure out which app is responsible for the ads on their phone. Addons Detector spells out what ads and tools each app uses. And Lookout released a free Ad Network Detector app in February that shows users what information an ad network within an app can access.