Mobile security company Lookout countered news that a number of Android Market apps contained malware called “Apperhand,” arguing that it does not fit the characteristics of malware – but noting that it is “an aggressive form of ad network and should be taken seriously.”
The company said that, with malware defined as “software that is designed to engage in malicious behaviour on a device,” the term is not an accurate characterisation of Apperhand. In a blog post, it noted: “the average Android user probably doesn’t want applications that contain Apperhand on his or her phone, but we see no evidence of outright malicious behaviour.”
Lookout said it is “researching ad networks closely,” arguing that while these are important for the overall mobile ecosystem, some “go beyond the commonly accepted behaviour of ad networks with more aggressive tactics.” It said that Apperhand appears to be related to previously distributed code which “crossed several lines” in the data it collected, but that the current version “does appear to have cleaned up its act somewhat.”
Among the capabilities of Apperhand are the ability to identify users by IMEI (although the raw data is obfuscated before it is sent to the server), send push notification ads to users, drop a search icon onto the homescreen, and push bookmarks to the browser. For the last three, Lookout used terms such as “not huge fans” and “bad form,” while also stating that this does not make it malware per se.
Lookout said that while a subset of apps using Apperhand have been pulled from Android Market, “it’s important to note that this does not include all identified applications, and reasons for removal may also include content, copyright, or other violations of the Android Market’s terms of service.”