Mobile security company Lookout warned that user privacy is being compromised by mobile ad providers.

It said ad providers have become more aggressive over the past year, using tactics such as sending out-of-app ads, changing browser and other settings, and accessing personal information without informing users. Lookout has determined that more than 5 percent of free apps have included "aggressive" ad networks, meaning millions of people are being affected.

Although mobile advertising “is critical to a free app ecosystem” and provides the majority of developer revenues, Lookout said the boundaries around how apps and ads should treat user information are unclear. “As a result, individuals’ privacy can be violated and their mobile experience is disrupted with aggressive ads,” it said.

The security firm has published a set of best practice guidelines for ad providers, covering transparency and clarity of data collection, individual control over information collected, ad delivery and display behaviour, collection and retention of personal of device data and secure transport of sensitive data.

Requirements include clearly visible opt-in or opt-out options within apps if ad networks intend to access personal information or modify browser or mobile desktop settings; clear attribution of host apps for ads appearing outside apps; and secure transportation of personal and device identifier information. Ad providers will also be expected to provide comprehensive privacy policies to their app publisher partners.

“People want to have confidence and trust that they’re not being compromised while on devices that have access to their most personal information,” said director and co-chair of the Future of Privacy Forum, Jules Polonetsky.

“These guidelines make it clear, while mobile marketing business models and practices are still developing, some practices are out-of-bounds. That’s good news for both consumers and responsible businesses,” Polonetsky added.