Adware puts on football championship kit

Being an active football fan can lead to loss of your personal data and a stream of unwanted advertisements in your smartphone.

Every four years, Europe is totally immersed in its football competition. It’s everywhere: in grocery stores, billboards, TV, branded merchandise – even on smartphones.

There are around ten apps in the Google Play Store that pop up after a query for “football games 2016.” Are they real or are they adware – using a mix of misleading descriptions, social engineering, and our natural enthusiasm over football to send us deceptive advertisements and steal our personal data?

english1

Let’s take a look at just one of them: Football 2016:

After all, with a “best game of football of the year” description, we really must have it. But, there are few suspicious points that tell us something is amiss.

english2

 1st suspicious point: Excessive demands for access rights.

Does a simple game need to know our identity, location, info on our files, device ID, call information, and the app history? This is not just about data – it’s about you. Would you give a sales clerk this much information after buying the kit of your favorite football team?

adware-privacy policy

2nd suspicious point: (no) privacy policy

The opt-in announcement makes it clear that the app is ad-supported. This explicitly allows them to automatically collect the device number, IP address, list of apps on the device, and the geo-location. Included here is the device’s Google Advertising ID, a device specific anonymous ID for all apps distributed in the Google Play Store.

adware-ads

3rd suspicious point: Advertisement overdose

The app continuously bombs us with different advertisements and offers. There are too many ads for this game to be truly functional.

adware-virus alert

4th suspicious point: Deceptive popups.

Included with the advertisements are pseudo-security announcements with a message about a (false) infection detection. This stream of popups and screens, as an example of social engineering, makes it likely that we will accidentally install something unwanted.

adware-DU app
Funny fact: The suggested app is not even an Antivirus. It is a cleaning app from DU Apps. But it too wants access to your private data.

Who is playing who?

So at the end, trying to play a football game on our smartphone, we have ended being completely annoyed with too many ads and have quite possibly installed some unwanted applications. In addition, we’ve also given someone complete access to our private information on the phone.

So we uninstall Football 2016 in a huff.

But that is too late. Not only have they earned money by serving ads and convincing us to install additional apps, they have additional information about us and our mobile devices – where we go, what we do, and what apps we use. And this information can be further used by Airpush and anyone else they work with.

The slide into Adware

Avira detects this game app as adware – thanks to the activities of the Airpush advertising framework. “Airpush is one of the oldest adware frameworks in the business – and as a framework, they can send anything to the end users,” said Alexander Bauer, Android malware analyst at Avira.

english3
Android adware typically modifies existing web pages or opening additional ones to send users a stream of ads. It is usually installed directly by the users or are bundled together, as is the case with this football game, with other software into a single app.

Malicious android malware goes a step further and misuses access rights to take users’ private data, gain access to device functions via backdoors, and do other measures that result in direct costs for the user.

The security threat for users is that an aggressive adware framework can take ads from any source – good, bad, or ugly – and serve up links to fast-changing list of dodgy distribution sites without being specifically identified itself as malware.

english4

“We identify Airpush as adware because of the aggressive – and deceptive – way it places messages in users’ phones and the way it takes their sensitive information,” explains Bauer.

It’s more than just football

Adware for Android smartphones is much more than just football championships. “One of the prime ways to monetize smartphones – legally or illicitly – is by placing ads on them. With Airpush, this approach has gone over the line into adware territory. But, they are certainly not alone,” explains Bauer. “We currently have around 400 generic detections for Android adware which covers approximately 80 different aggressive advertising frameworks,“ stated Bauer. “Just for Airpush, we have about 20 detections.”

3 smartphone security steps

  1. Be careful where you get your apps. Google has improved its app vetting process, and it is safer than off- Google Play markets. However, this is not a guarantee.
  2. Look at the access rights. The access rights should correspond to what the app actually does.
  3. Scan your device. Use a security app such as Avira Antivirus to find and remove suspicious and malicious apps from your Android device.

Top 10 adware detections, June 16, 2016

Adware Detection NameAdware frameworkDetections
1Adware/ANDR.Airpush.O.GenAirpush1,790
2Adware/ANDR.Leadbolt.G.GenLeadbolt1,079
3Adware/ANDR.RevMob.A.GenRevMob663
4Adware/ANDR.Airpush.M.GenAirpush416
5Adware/ANDR.RevMob.B.GenRevMOb406
6Adware/ANDR.AirPush.MR.GenAirpush392
7Adware/ANDR.Leadbolt.D.GenLeadbolt319
8Adware/ANDR.Domob.G.GenDomob300
9Adware/ANDR.Airpush.A.GenAirpush285
10Adware/ANDR.Leadbolt.B.GenLeadbolt229