Dec 052013

One of the notable things about the technology industries is there are always new terms and concepts to discover.

During a visit to Sophos’ Oxford headquarters last month, the phrase ‘Potentially Unwanted Applications’ – or PUAs – raised its head.

PUAs come from the problem application developers have in making money out of apps or websites. The culture of free or cheap is so ingrained online that it’s extremely hard to make a living out of writing software.

As result, developers and their employers are engaging in some cunning tricks to get customers to download their apps and then to monetize them, particularly in the Android world which lacks the tight control Apple exercises over the iOS App Store.

“What’s interesting about Android,” says Sophos Labs’ Vice President President Simon Reed, “is it’s attracting aggressive commercialisation.”

The fascinating thing Reed finds about this ‘aggressive commercialisation’ is where the distinction lies between malware and monetisation and when does an app or developer cross that line.

Reed’s colleagues Vanja Svajcer & Sean McDonald explore where that line lies in a paper titled Classifying PUAs in the Mobile Environment which they submitted to the Virus Bulletin Conference last October.

In that paper Svajcer and McDonald discuss how these applications have developed, the motivations behind them and the challenge for anti virus companies like Sophos and Kaspersky in categorising and dealing with them.

The authors also flag that while the bulk of the revenue generated by these apps comes from advertising, there are serious privacy risks for users as developers try to monetize the data many of these packages scrape from the phones they’re installed on.

Svajcer and McDonald do note though that potentially unwanted applications aren’t really anything new, we could well classify many of the drive by downloads that plagued Windows 98 users at the beginning of the century as being PUAs.

What we do need to keep in mind though that what is driving the development of PUAs is users’ reluctance to pay for apps and that it’s going to take a big change in customer attitudes for this problem to go away.

For businesses, this is something managers are going to have to consider as they move their line of business applications onto mobile devices, as Marc Benioff proposed at the recent Dreamforce conference.

Sophos’ Simon Reed believes potentially unwanted apps won’t be such a problem in the workplace however. “Consumers may have a different tolerance towards PUAs than commercial organisations,” he says.

The prevalence of PUAs on mobile devices does underscore though just how careful organisations have to be with who and what can access their data. It’s another challenge for CIOs.

Leave a Reply

%d bloggers like this: