Last week Symantec reported 13 potentially malware-carrying Android applications, that it said may make up a family of botnets. Mobile security firm Lookout Mobile, however, is now saying the apps are just an advertising network.
“We disagree with the assessment that this is malware, although we do believe that the Apperhand SDK (Android.Counterclank) is an aggressive form of ad network and should be taken seriously,” said Lookout Mobile in a blog post.
On Friday, Symantec found a number of gaming and explicit-content applications that it claimed was from the the Android.Counterclank family. Android.Counterclank bares a resemblance to Android.Tonclank, which has been defined as a botnet string. Botnets steal information from your devices and then use them to infect and control other devices in comes in contact with. At the time, however, Lookout Mobile did not agree and said while it wasn’t sure what these applications were, they were not malicious as Symantec had suggested.
“Malware is defined as software that is designed to engage in malicious behavior on a device,” Lookout said, “Apperhand doesn’t appear to be malicious, and at this point in our investigation, this is an aggressive form of an ad network – not malware.”
It’s hard to tell the different between spam and the real thing. Sometimes spam can be malicious, with links that download software to your device, or steal your personal information. Some spam, however, exists only as an annoyance. It interrupts your activities, makes you pay attention to something unwanted, and can sometimes go over the top in the ways it gets your attention. That’s exactly what Lookout Mobile is defining this string of applications as: aggressive advertising.
Apperhand skates on the line of what is an accepted intrusion from an advertisement. The applications do identify your device in its servers, but it does not collect other data. It also able to send push notifications to your phone, what some call the “pop-up window of mobile.” These are annoying because, like a pop-up, they really do disturb your activity and force you to take an action. Regular advertisements usually sit at the bottom or top of an application and does not interrupt the application itself.
It is also capable of downloading an icon to your mobile desktop, which is where Apperhand skates much closer to the line. According to Lookout, this icon leads to a web search tool, which only provides safe content. It is still capable of downloading unwanted content to your phone, however, which is a form of spam. Lastly, Apperhand can download bookmarks to your mobile browser, which is over the line for Lookout. Browser bookmarks and toolbars in PCs can be very dangerous, and act as an easy gateway for malware. It seems, however, that this is not the use case for Apperhand, though it should be watched.
Both Symantec and Lookout are continuing research into these applications, especially as previous forms of Apperhand were labeled as dangerous. Some of the apps identified by Symantec have been taken down from the Android app store already, but Lookout warns that this may be for other reasons such as copyright infringement.