Mobile Threat Blog

  • Mobile
    Security Insights
  • Mobile
    Threat Research
  • Mobile
    Security Tips

Would you pay a small fee to avoid having to see ads in your mobile app? According to an AppLovin survey, more than 80 percent of customers surveyed said they wouldn’t spend $5 to banish ads, and 67 percent would refuse to pay anything. Only 19 percent of customers surveyed said they would pay $5 or more.

It would be nice if it were that simple. Here’s mobile’s dirty little secret: Because ads are sent to us, and because digital advertising wants to be able to serve the “best” ads, the mobile app has to send a massive amount of personal data to the advertiser networks to determine which is the best ad for any given user at any given time or place. So, in reality, the tradeoff isn’t ads versus no ads, it’s the mobile surveillance model versus no ads.

In other words, by agreeing to ads, we’ve enabled an economic model that requires continuous and comprehensive surveillance of mobile device users. While Al Gore may not have invented the Internet, he did quite accurately characterize this as a stalker economy.

eMarketer forecasts that the digital advertising market in the U.S. will reach $74 billion next year, meaning about as much will be spent on digital advertising as is spent on TV advertising. The fastest-growing digital advertising segment is mobile advertising, at $47 billion, this is a stunning figure for a market that didn’t exist 10 years ago.

And mobile digital advertising is different from TV or more traditional advertising–it’s intensely personal: Never has an audience of this aggregate size been this disaggregated. This is an audience that can consist, at times, of cohorts of one. 1

According to eMarketer, leaders in the U.S. mobile ad market are Google, with roughly 37 percent market share, followed by Facebook at 18 percent. And the combined share of Google and Facebook is growing. That’s not surprising, considering the business model of one is to deliver advertisers to their users, and the other is to deliver their users to advertisers. Facebook, Google and other companies in this space are data driven. Digital marketing requires massive amounts of data–much of it collected through mobile apps–so that this highly disaggregated market can be served.

So now we have a stalker economy, where your location, your online history, your contacts, your schedule, your data, your device, and your identity are all in play. And because of this, we’ve enabled a system where a major retailer knows a teenager is pregnant before her parents do, where hearing aids are marketed to a middle-aged woman because her father has a hearing impairment, or where an ad is delivered because you happen to be walking near a specific store at a given time. This intrusion on our collective privacy isn’t going away any time soon, as the economic incentives to developers and publishers are too strong.

Yes, this kind of user surveillance is creepy. But how does it affect enterprise security? Here’s how: The information gathered can be used to attack an enterprise through a watering hole attack, or a spear phishing attack–which could lead to a major breach such as those experienced by Target, Home Depot or Sony. It’s therefore imperative that enterprises include mobile app risk management as part of their overall security strategy, in order to protect themselves from this insidious and alarming increase to their attack surface.

1 Smith, Mike (2014-11-19). Targeted: How Technology is Revolutionizing Advertising and the Way Companies Reach Consumers (p. 5).