Code Allows Apps To Serve Ads Even If Force Stopped

June 17, 2017 - Written By Mark Real

Security firm Sophos was able to uncover a third-party library used by certain applications to feed user’s home screens with ads even if they are already terminated. Dubbed as the App/Mars Dae-A, this library was detected by the security firm last week and was found in at least 47 applications. The applications that utilize the third-party library was downloaded around 6 million times. Given the high number of downloads, it is highly likely that a substantial number of devices are already affected by this malicious code. These applications give the users who do not want advertisements on their home screens a big headache since even force stopping the applications cannot stop the advertisements from appearing. Unless Google acts on all the applications utilizing the code soon, more devices are likely going to be affected as this code works with devices on practically all versions of the Android operating system currently in use except for the most recent one, the Android 7.0 Nougat.

A major concern with the advertisements displayed by the Mars Dae-A code is its ability to persist even if the application is already force stopped. In fact, the advertisements return to the home screen mere seconds after the application is terminated. Sophos was able to track how the code works in Android 5.0 Lollipop and Android 6.0 Marshmallow. The code apparently starts multiple processes, each creating and then locking a specific file. The processes will then monitor each other to ensure that the necessary files are created and locked. Once the file created by a certain process is unlocked, it will trigger a series of instructions that will restart the process and recreate the unlocked file. The library’s ability to create multiple processes most likely allows it to persist even if the malicious application has been terminated by the user.

As many app developers earn money through advertisements, it is not surprising that some of them choose to deliver advertisements in every way possible. For example, a malware has been recently discovered in the games developed by Kiniwini that circumvents the Bouncer protections enforced by the Play Store. While these tricks may provide developers with increased revenue in the short-term, the reputation of the app they developed is compromised. Users who are annoyed with the advertisements loaded to the home screens usually give low ratings and negative reviews, which could affect the future prospects of an application. Nonetheless, users are always advised to be vigilant when downloading applications even from the Play Store.