Short bio
PUPs use the mobile platform and trusting nature of users to install an app which might have cool functionality but comes bundled with unwanted features such as draining the battery, leaking data, and aggressive advertising. These apps aren’t necessarily malicious but users might want to reconsider installing due to performance hits or bad reputation.
History
Potentially Unwanted Programs have always been a part of the mobile ecosystem and in recent years they’ve been emboldened by the consumers tolerance of some advertising or resource hogging. Consumers have overlooked these behaviors in order to receive a free app but app developers have been greedy and are using shady tactics to pull a fast one their customers.
Common infection method
Infection occurs when an app is bundled with third-party libraries that contain intrusive advertising and other unwanted behaviors and interferes with the mobile experience. Advertising libraries have become the biggest offender of this category by displaying intrusive ads. This includes ads that continually promote apps in the notification bar and through home screen shortcuts, or those that take up the entire screen until they’re dismissed.
Another issue they pose is escalating app privileges beyond what the host app requires for functionality. This leaves users vulnerable to the third parties security holes.
Other PUP apps can contain rooting libraries, capable of sniffing WiFi connections, or Bitcoin mining.
Associated families
Android/PUP.Adware.Airpush Android/PUP.Adware.NoiconAds Android/PUP.Riskpay.Xinyin Android/PUP.Risktool.BitCoinMiner Android/PUP.RiskTool.WifiScan Android/PUP.Riskware.SMSReg Android/PUP.HackTool.SmsBomber
Remediation
These apps can be uninstalled using the mobile devices uninstall functionality. The tricky part is identifying the offending behavior and app. That is where anti-malware software can help by identifying and removing these apps.
Aftermath
The user will see aggressive advertising overtaking their mobile experience, batteries draining at a faster than expected rate, or identifying data being leaked.
Avoidance
Stick to trusted sources for mobile apps, and read app description and reviews. If a permission list is available, review it also and question why an app might need use of risky permissions such as sending SMS, access to contacts, and location.