It may not be long before your mobile phone is beset by the same sorts of obnoxious, screen-covering, scaremongering ads pimping security software that once inundated desktop users before pop-up blockers became widely-used.
Richard M. Smith, a Boston-based security consultant, was dining out last Friday and browsing a local news site with his Android-based smart phone when his screen was taken over by an alarming message warning of page errors and viruses. Clicking anywhere on the ad took him to a Web site peddling SnapSecure, a mobile antivirus and security subscription service that bills users $5.99 a month.
“This particular ad takes over the entire screen on my Android phone, so it gives the impression of being rather ominous,” Smith said, noting that it was the second time in as many days that he’d encountered the rogue ad. He further explained that the ad just appeared when he browsed to view a new story, and that he hadn’t clicked on an ad or anything unusual.
Michael Subhan, vice president of marketing for SnapSecure, said the company traced the ads back to some rogue marketing affiliates that have since been banned from its advertising program.
“We did find out which affiliate was serving up the ad, and they will be blacklisted from the network,” Subhan said. “We have strict advertising policies, and do not tolerate rogue affiliates. Unfortunately, with the volume of advertising that we do, there are sometimes affiliates that try and get around our guidelines.”
Meanwhile, the ad linked to in the overlay image still appears to be live and redirecting users to the SnapSecure purchase page.
I am frequently asked whether mobile users should purchase anti-malware and security products. The short answer is, “no.” I tend to steer people toward Krebs’s 3 Basic Rules for Online Safety, which urge first and foremost, “If you didn’t go looking for it, don’t install it!” A corollary of this should be, “If you intend to install it, make sure you have researched it.”
Yes, I realize that this advice may seem fuddy-duddy and inconvenient for users of a platform that places a premium on instant gratification and access to information. But security software should never be viewed as a substitute for common sense and simple precaution. Anti-malware software is and always has been reactive, meaning it usually only detects a threat after some subset of customers have already been successfully compromised by it. And in the mobile space, the window of time during which malicious applications go undetected by mobile providers or the general public seems to be far narrower than in the world of desktop applications.