Jump to content

Potentially Unwanted Applications (PUA) On Mobile Devices - e.g. on Android? / Mobile PUA

rugk

By rugk
in Malware Finding and Cleaning

 Share

Recommended Posts

rugk

rugk 397

Posted
Posted (edited)

I think we all know about the PUA (also called PUS or PUP) on Windows - these are e.g. "downloaders" that install toolbars or change your browser startpage and so on...

If you don't know about it then read this before you read the rest of the post:

 

But my questions is about mobile devices...

What PUA is there on these devices (e.g. on Android devices)? What is the behaviour of these PUA?

 

And no, I don't want deny that there is PUA (also on Google Play), because I already downloaded some apps and EMS detected them as PUA.

But the description was the "normal" description that you can give every PUA (on desktop systems).

 

Here is is a screenshot:

post-3952-0-17215600-1413644518_thumb.png

 

Because there are many things that these mobile PUA surely won't do. E.g. installs a toolbar without the knowledge of the user - Nobody would get the crazy idea to display a toolbar on the relatively small display on a smartphone. (OK on a tablet it might be something different, but I still think that it would be quite difficult with the Androids sandbox system to infiltrate the toolbar into a browser)

Additionally there can't be something like a download manager (with ads and so on) on Android or if it would exists then it would be very impractical, because you would have to install two apk files and then maybe also uninstalling the first apk file. So I can't think that this would be economic to the ones who provide such a PUA, because many users would not complete these circuitous steps.

And on Android many (also many popular) apps contain ads, so you can't categorize them as PUA.

 

So what kind of PUA is there on mobile devices? Can you give some examples?

What are the differences of these mobile PUA to desktop PUA?

 

Edit: Added screenshot of the description from EMS.

Edit2: Changed text and topic title a bit.

Edited by rugk
Link to comment
Share on other sites
SweX

SweX 871

Posted
Posted (edited)

Hello rugk,

 

This is a good but rather old read on the topic: hxxp://nakedsecurity.sophos.com/2012/09/13/potentially-unwanted-apps-on-android-more-prevalent-than-malware/

 

And this: hxxp://securitywatch.pcmag.com/mobile-apps/323737-mobile-malware-not-the-only-threat-unwanted-apps-bad-too


I assume the criteria to be classified as a PUA is very similar on all platforms. All I can say is there seems to be a lot of them and that they are detected for a reason. 

 

I read another more recent article on the topic not that long ago but unfortunately I can't find it now.  :(

Edited by SweX
Link to comment
Share on other sites
rugk

rugk 397

Posted
  • Author
Posted (edited)

Ok thanks for your replies. So ads and the transmission of the user data play a role...

But could someone specify this a bit?

 

I think there are at least some differences between computer-PUA and mobile-PUA (I tried to indicate some of them in my start post).

Edited by rugk
Link to comment
Share on other sites
Doctor9fan

Doctor9fan 0

Posted
Posted

I doubt anyone who received an alert on their device would allow the app to install just to see what the result would be unless they were in a test situation.

I've had warnings g of pua in games from the Amazon app store but eset hasn't detected it; Malwarebytes has which is worrying me on how good eset is.

Link to comment
Share on other sites
rugk

rugk 397

Posted
  • Author
Posted

I doubt anyone who received an alert on their device would allow the app to install just to see what the result would be unless they were in a test situation.

I've had warnings g of pua in games from the Amazon app store but eset hasn't detected it; Malwarebytes has which is worrying me on how good eset is.

Yes, maybe someone can test a PUA to see what it does, but maybe there are criteria for detection as a mobile PUA you cannot see. (e.g. transmission of private data to a server without need to do this)

 

And if there is malware or PUA that EMS misses then I would suggest you to send this to ESET. Currently EMS has no embedded "submit to ESET" feature (I already criticized that in my feedback), but you can of course send it in the "normal way" to samples @ eset.com.

Link to comment
Share on other sites
  • ESET Moderators
Aryeh Goretsky

Aryeh Goretsky 378

Posted
  • ESET Moderators
Posted

Hello,

I am still working on an answer to the question about anti-malware software for Linux.

As soon as I get that finished, I will try to address your question re: Android PUAs.

Thanks for your patience and understanding.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites
  • 2 weeks later...
fallenangel1978

fallenangel1978 0

Posted
Posted

why adding sdk from these companies (revmob,startapp,leadbold) esset thinks that is a Potentially Unwanted Applications?

and not from googles ads and other ad network? only these 3 ads networks are a threat?

i m a developer and i have intergade the 3 networks but esset pop ups a message "Threat" and my users thinks that is a virus and prevend them from downloading my apps.

is there any solution? thank you

Link to comment
Share on other sites
  • 3 weeks later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...