Linked by Thom Holwerda on Thu 14th Mar 2013 10:26 UTC
Google In all honesty, this has taken far longer than I anticipated. Google, the world's largest internet advertising company, has removed several popular ad-blocking tools from the Play Store. While they are technically in the right to do so - they violate the Play Store developer distribution agreement - it's still a bit of a dick move. Luckily, though, unlike some other platforms, you can easily sideload the adblockers onto your Android device.
Thread beginning with comment 555497
To view parent comment, click here.
To read all comments associated with this story, please click here.
Laurence
Member since:
2007-03-26

It's well known that ads are a popular attack vector for malware. So for me, adblockers are a security measure first and foremost.

On PCs sure. But I've yet to hear about Android malware spreading via adverts (if you have any evidence to the contrary then I'd be interested to read it ;) ).

Furthermore, preventing advert-based malware from spreading on the PC can be largely mitigated by disabling a few things like Java plugins from auto-starting. Plus doing so will prevent other drive-by download attacks as well (eg hacked legitimate sites) where as using adblockers will not.

So I really don't agree with adblockers as security precaution. At best, it prevents one niche of attacks which would be prevented anyway if you took the precautions required to prevent the other forms of drive-by download attacks. In laymans terms, what you're proposing is snake oil.


As for Android, I do not demand free content; if there's an ad-based 'free' version and an ad-less paid version, I am happy to pay for it.

Sadly you're in the minority there. Which is exactly why I said I'd rather have seen Google trusting users than removing the opinion, but trusting users to "do the right thing" is rarely every going to work.

If Google wants to pull adblockers from the Play store, that is certainly their right, but I wish at the very LEAST they would clearly mark the apps that are infected with adware, so I'll know which ones to avoid in the future.

It's not too hard to work out:
* If it's free and it looks like some effort has gone into it, then it's ad funded.
* If there's a free version and a "premium" version, then the free version will be ad funded.
* And if the former two points don't help, then just read through the comments before installing.

People rarely pay any attention to the permissions list when installing new applications as it is, adding other things like whether it's ad supported would just create an even bigger wall of text and encourage more people not to bother.

Edited 2013-03-14 23:44 UTC

Reply Parent Score: 4

WorknMan Member since:
2005-11-13

On PCs sure. But I've yet to hear about Android malware spreading via adverts (if you have any evidence to the contrary then I'd be interested to read it ;) ).


I don't know of any specific cases on Android, but I'm guessing it's only a matter of time, either through applications or the web itself.

Furthermore, preventing advert-based malware from spreading on the PC can be largely mitigated by disabling a few things like Java plugins from auto-starting.


Right, you could disable Java, Flash, Javascript, etc, which would probably block most ads by default, and break the web in the process.

People rarely pay any attention to the permissions list when installing new applications as it is, adding other things like whether it's ad supported would just create an even bigger wall of text and encourage more people not to bother.


Actually, I was thinking more of a setting in options that says 'do not list any applications with adware'.

Reply Parent Score: 2

Laurence Member since:
2007-03-26


I don't know of any specific cases on Android, but I'm guessing it's only a matter of time, either through applications or the web itself.

Google controls most of the in app ads so I'd be surprised if anything leaked through that way. But I could see the potential with web adds though. In either case, users would have to have side-loading apk files enabled, and even if that is, users would still be prompted with a permissions / install screen should an apk file try to auto-install.

I will admit that I've not done a huge amount of security testing in Android (unlike securing Windows and Linux; which is part of my day job), but I think it's quite hard to sneak malware onto the phone itself without tricking the users into installing an apk. So the biggest threat would be more social engineering (eg porn sites that say they are only viewable via a specific Android codec) than drive-by downloads and other such attacks that silently infect the client.

Right, you could disable Java, Flash, Javascript, etc, which would probably block most ads by default, and break the web in the process.

You don't really need to disable Javascript. It shouldn't be possible for Javascript to break out of it's sandbox. I mean, obviously there will be bugs and vulnerabilities that can be exploited, but the same is true for anything that can be rendered (even the JPEG format has been known to serve malware in the past). Such vulnerabilities usually get patched pretty quickly though, so it's more a case of keeping your browser up-to-date and Java plugins disabled (Java and Flash are by far the biggest two weaknesses on a modern browser).

Actually, I was thinking more of a setting in options that says 'do not list any applications with adware'.

That's not a bad idea. I like that ;)

Edited 2013-03-15 01:00 UTC

Reply Parent Score: 4