Adware and Malvertising
Adware has some similarities to spyware and can be installed using very similar techniques.
Adware itself is not always malicious. In fact, many apps on your smartphones probably contain adware, especially if they were free applications. This is a way for application developers to make money, even from free versions of their software.
Ads typically pay in one of 3 ways:
- Pay-per-click — the developers get paid each time you click on an ad
- Pay-per-view — the developers get paid each time an ad loads in front of a user
- Pay-per-install — the developers get paid each time bundled software is installed on a device
I recently had a situation with adware that made me uninstall a weather application I had been using for over a year. The app itself worked fine, but the developers thought it would be a great idea to add clickjacking to their application in order to increase revenue.
Clickjacking is a technique used to trick a user into clicking on something other than what the user thought they were clicking on. So after this update, I would go to click on my daily weather report in the app, but instead of taking me to the daily weather screen, it would pop up a bunch of ads.
The developers are likely getting paid via the pay-per-click model, and potentially also the pay-per-view model, and so by tricking my click, they can charge advertisers for a click, and for one or more ad views.
Not only is this a terrible user experience, but it can also be unethical or potentially illegal depending on the agreements they have with those 3rd party advertisers.
In addition, it can also be dangerous to the end-user, because ads don’t have a history of being the most secure. If the ad exchange provider’s systems become compromised, they could be sending ads that contain malware that gets downloaded as soon as you click on it. This is referred to as Malvertising. By forcing users to click on ads, you increase the odds of that happening.
Adware can be malicious in other ways. For example, you could be downloading adware without even realizing it through Potentially Unwanted Applications. It could be buried in the license agreement that no one reads, or as a tiny option in the fine print that you have to uncheck. If you miss it, or if the developers outright hide it, then you will be installing adware on your system alongside whatever else software you were originally trying to install.
This is not only incredibly annoying, but it could also be serving you malicious ads.
How to tell if you have adware
Adware is one of those that’s extremely easy to spot…you will start to see ads everywhere. You could be navigating around your device casually, when all of a sudden, an ad appears. Or, you could be browsing on the internet and all of a sudden you see an ad appear on a website that never had ads before.
This usually also leads to slower device performance, since displaying the ads will require more compute resources, and can use up more bandwidth.
How to prevent adware
Preventing adware is the same as preventing spyware and other forms of malware. The only thing I’ll add here is that you can expect adware in most pieces of free software that you download. That’s a trade-off and a risk that you assume by saving money downloading the free version instead of a paid version.