The researchers contend that the libraries used for creating these ad-filled applications contain flaws.
This means that it is possible for criminals who are intent on gaining access to a customer’s private details can easily manage it. One expert told arstechnica.com: “[These apps] go a step further by making use of an unsafe mechanism to directly fetch and run code from the Internet, which immediately leads to serious security risks.”
What this computer speak means, I think, is that free Android Apps that run company adverts are using coding that can be bypassed or altered, thus putting the user at risk.
It has to be said that criminals must have knowledge to alter the coding, but given Android’s recent and regular malware attacks this is very worrying. In some ways it is easier to do.
The researchers themselves do point out that the apps themselves are harmless. That isn’t the problem. What is the problem are the adverts – they are granted the same permissions as the application itself when the latter is installed on a machine such as a smartphone.
This means that any advertiser who wishes to add malicious coding can do so without the user being aware.
I suppose the answer to this is that consumers should buy ad-free software. After all, Android Apps are not expensive, so why risk your privacy for a few pounds.