Suppose Josephine and Rick have built the most incredible smartphone application ever. They offer it up
to the market for a few dollars, and next thing we know they are millionaires. Their customers not only love the app, but they also appreciate not being deluged by incessant banner ads or pop-ups. Jo and Rick didn’t have to bring in on-line advertisers because their profit model was simple: sell the app itself to make money.
But not all developers are as lucky. Steve and Sue can’t get anyone to pay attention to their app, and darn, they spent all their money creating it. So they will have to figure out another way to earn their money back. The most popular way to do this is to get paid when users view ads. Steve and Sue decide to make their app available for free, and advertisers pay Steve and Sue to place ads alongside the application. These ads change dynamically just as they would at a website: while the user is connected to the internet, a rolling sequence of different ads appear.
However, working with advertisers is a full time job in itself. So Steve and Sue hire an agency to do it. The agency looks at their app, figures out the gender and age of their likely audience, and offers it to advertisers to bid on. As an example, if our app appeals to teens, a clothing company who target teens may be interested.
This seems like an ideal solution: the end user gets a valuable app for free while Steve and Sue get paid for what they created. At the same time companies get to hawk their products, which should lead to an increase in sales. What’s not to like about this picture? Enter the greedy cybercriminal.
It turns out that because agencies are too busy to check each ad – or even to verify where the ads come from – it’s easy to push out a link which takes users to a malicious website. Which is to say, a website which serves up malware and attempts to infect the user’s device. This is one danger of using free applications, especially the ones which are available through websites which aren’t policed in some way (like Google Play and Apple Store).
There is another danger as well. Something called an application “cracker” has become widely available. Anyone can use this software to crack open an application, stuff malware in it, and then repost it somewhere. In this case, the malware will be downloaded to the user’s system when the application is.
In either of these two cases, a successfully infected smartphone is likely to cost the user much more than they would have paid for the app. So ask yourself next time you think about downloading a freebie: what’s the value of protecting your identity or your finances? It’s an important conversation to have with everyone else in your household as well.
Best,
cj