The advertising embedded on some free Android apps is getting more aggressive and there is no easy mechanism for users to detect the issue before downloading programs, security firm BitDefender has reported.
Typical forms of nuisance behaviour include creating homescreen shortcuts, altering default search engines and using up memory and processor cycles in ways that degrade performance. Some also push important messages from other apps into the notification tray.
Surprisingly, a number of apps featuring such adware are also hugely popular which suggests that either users don't object to their effects or simply don't notice them.
Examples offered by BitDefender include Ant Smasher, installed 50 million times from Google's Play store or its previous incarnation, the Marketplace. On third-party sites, the same app comes with nuisance adware.
Another offender was Network Signal Booster, which in the version found on third-party sites bombards users with ads and messages in the style of PC adware of old.
Both of these examples were downloaded from third-party sites rather than Google Play, so is this a problem that comes from using dodgy sites?
For the most part, yes, although BitDefender did find one app on Google's own site, Galaxy S3 Go Launcher Ex, that loaded unwanted shortcuts while changing the default search engine without permission. This had been downloaded 500,000 times, the company said.
"Aggressive adware was once limited to desktop and laptop computers but the latest findings from the Bitdefender Labs suggest the same scenario is playing out in the mobile device landscape," claimed BitDefender's chief security researcher, Catalin Cosoi.
"Android's permission system includes no details about adware or the resources it might access, making it hard for users to spot aggressive adware behaviour until the app has been installed or an antivirus solution has flagged it."
Beyond this, adware morphed quite quickly into straight malware.
The top UK adware was Adware.Mulad.A, accounting for about 30 percent of detections in August followed by Trojan.FakeDoc.A, better known as the battery management utility Battery Doctor'.
The latter was unambiguously malicious, intercepting emails and SMS messages for broadcast to the attacker's server.