Recently we learnt that ads in free apps are killing mobile battery life. If that’s not enough reason to buy the app’s paid version, consider this research on the added privacy and security threats found in many free apps.
North Carolina State University assistant professor Dr Xusian Jiang and his research team examined 100,000 Android apps and report in their paper (PDF):
Our study has so far uncovered a number of serious privacy and security risks from existing in-app ad libraries on the popular Anroid [sic] platform. […]
We analyse 100 ad libraries selected from a sample of 100,000 apps collected from the ofﬁcial Android Market, and ﬁnd that even among some of the most widely-deployed ad libraries, there exist threats to security and privacy. Such threats range from collecting unnecessarily intrusive user information to allowing third-party code of unknown provenance to execute within the hosting app. Since Android’s permissions model cannot distinguish between actions performed by an ad library and those performed by its hosting app, the current Android system provides little indication of the existence of these threats within any given app, which necessitates a change in the way existing ad libraries can be integrated into host apps.
Ars Technica summarises that the libraries used in free Android apps to display the ads are a privacy and security threat and can be used by attackers to get past Android security. The apps themselves may be harmless, but the ads could be used to execute malicious code, since the ad libraries are granted the same permissions that the apps themselves are when they’re downloaded. (Beyond that increased security risk, it’s also obvious that ad-supported apps collect data about you.)
Until Google changes the way ad libraries are integrated with apps, as with the battery-hogging lesson, if you’ve got a choice between the ad-supported free version or a paid app, it might be wiser to support the developer and pay the dollar or two, for peace of mind and a longer battery life.