Grayware: Casting a Shadow over the Mobile Software Marketplace

3442719_-_mobile_device_grayware_concept.png
One of the most problematic areas in mobile security today is “grayware.” The dividing line between legitimate software and malware is not clearly drawn and grayware often occupies this murky middle ground. Grayware is applications that may not have any recognizable malware concealed within them but can nevertheless be in some way harmful or annoying to the user. For example, it might track their location, Web browsing habits or serve up unwanted ads. In many cases, grayware authors often maintain a veneer of legitimacy by outlining the application’s capabilities in the small print of the software license agreement. 
 
Grayware is not a new phenomenon and it first began to attract attention well over a decade ago when unwanted extras, such as spyware, were often packaged with free applications. As PC users became more savvy and aware of what they install, the controversy died down. However, the arrival of the new generation of smartphones has created a brand new software market. Consumers are prone to treat the mobile software market with the same degree of naivety that they may have treated the desktop space ten or fifteen years ago. Mobile apps are often installed with little or no consideration of what they may be capable of.
 
How big is the problem? Data collected by Symantec suggests that over a third of all mobile apps can be regarded as grayware. By the time the new version of Norton Mobile Security launched last year, Norton Mobile Insight, Symantec’s app analysis tool, had analyzed more than four million apps and found that 1.5 million could be classed as grayware. This compares to 300,000 apps that were classed as malware. 
 
Grayware can be anything from an app that plays fast and loose with the user’s privacy to something far more elaborate. For example, Symantec recently discovered a grayware app that encouraged Instagram users to share their usernames and passwords in order to increase likes and followers. The app, known as InstLike, was for a time available on the Apple App Store and the Google Play Store, but both companies have since removed it. 
 
The app claimed that it could provide people with followers and likes for free. However, it demanded a user’s login credentials for Instagram. The app was then given significant control of a user’s Instagram account, automatically liking photos without any user interaction.
 
One class of mobile grayware that has grown in recent years is what’s known as “madware.” This refers to apps that use aggressive ad libraries. An ad library is a component of an app that can collect information about the user for the purposes of displaying targeted advertising. It is a common feature of free apps, which usually rely on advertising for revenue. However, some ad libraries adopt aggressive tactics, such as leaking personal information, displaying ads in the notification bar, creating icons for ads or changing bookmarks. 
 
Recent research by Symantec found that of the 65 known ad libraries, over 50 percent can be classified as madware. The percentage of apps that utilize madware has risen steadily. For example, 23 percent of apps on the Google Play store last year can be considered as madware, up from less than 5 percent in 2010. 
 
What can be done about grayware? Because it doesn’t cross the bounds of illegality, antivirus firms usually can’t block it. Occasionally it is removed from official mobile marketplaces such as the Apple App Store or Google Play because it violates terms and conditions. 
 
Knowledge is the best defense. In the same way that PC users are now a little bit more wary about what they install on their computers, smartphone users should take a moment to consider what they’re downloading and look into what permissions the app is seeking. 
 
There are also a number of tools you can use to help identify which apps may be taking liberties with your smartphone. For example, Norton Spot will scan your Android phone for aggressive ad libraries that may spam your device and identify the apps associated with them.