Google Mobile Ad server has a serious vulnerability.. Mobile App owners..please take care

Posted on May 9, 2017 by Vijayashankar Na

Many of the app developers develop interesting and useful mobile Apps which are offered free and supported by Ads from Google.

There is no doubt that the creator of the Ad is entitled to monetize his creative work and we also appreciate that Google provides a reasonably good option to monetize and the system needs to be encouraged.

However, one of the risks that such App owners who allow ads to be served from a third party face, is the possibility of law infringing advertisements being served by the Ad servers.

All Ad service providers therefore need to take care that no advertisements which infringe the laws are served when the App is being used by the users.

I had recently (5th March 2017)  came across an incident where an app “A2ZKannada” which provides Kannada radio stations on the mobile displayed an ad on the android mobile with a link to a pornographic site. I notified the same to the app owner who informed as follows.

” Yes the app is ours. Thanks for the information regarding the inappropriate advertisement in our app. Actually its from Google Admob services. We are unaware that Google is approving these ads.

We will investigate this and bring this to attention of Google. If possible please let us know the name of the site that was advertised.  Thanks again.”
However, since I had not recorded the ad, I could not provide full details.

Today, I observed the same ad being displayed on another app.

These ads obviously appear randomly and it is difficult for us to reproduce the same. However, I have provided the date and time of the display and I am sure that Google already has information on who all visited the app at that specific time or there abouts. If Google asks, I am willing to give my mobile information to pin point the incident.

I have information that in the previous instance, the Company contacted Google but could not get any response.

I would like to reiterate that displaying links to “hot video” could be considered as an offence under Section 67,67A and 67B of ITA 2000/8 and the offence would be extended to the CEO and other officers and directors of the company owning the App through the operation of section 79 and 85 of the Act. Hence the App owners cannot take this lightly and brush aside as a technological aberration.

The App owners would have signed an implied contract with Google which should be considered Google as also an intermediary and responsible and liable for similar punishments.

However, if a complaint is actually made, then the Police are more likely to catch hold of the App owner and leave out Google.

It is therefore essential for all App owners using Google Ad service to immediately notify their Google Ad contact with a message to the equivalent of the following.

” We on behalf of ……….., a customer of your Google Ad service with the ID ….. hereby bring to your notice as follows:

We understand (Refer: http://www.naavi.org/wp/google-mobile-ad-server-serious-vulnerability/  ) that  there is a possibility that the ads served by your Company may be violative of the laws prevalent in India and may render us for penal legal action.

We request you to kindly note that under Information Technology Act 2000/8 applicable to publishing of electronic documents, display of ads that link to pornographic content which have been referred to in the said article are liable to be considered as a punishable offence.

We also foresee the possibility of other kinds of offensive ads including racist or terror promoting ads being displayed in similar circumstances exposing us to grave risk of loss of business, reputation and even imprisonment.

Since we donot have any control on the ads served, the entire responsibility to avoid such ads lies with you and you are deemed to have indemnified us completely from the legal consequences arising out of such ads.”

Please ensure that the e-mail is digitally signed or use the services of ceac.in which will provide free notification service as a special case with Section 65B certification of the notice having been sent to the given Google Ad contact. The App owners may also use the services of cyber-notice.com which will also be provided free for this incident reporting.

As regards Google Ad managers, I would like to state that

“The incident indicates that there is a vulnerability in their filter mechanism and this particular ad seems to be getting through whatever filtering mechanism you might have built. I consider this as a “Bug” in your system.

I am aware that your system largely is well designed and does prevent such occurrences most of the time.

Probably such ads are also legal in certain countries and the filter might have failed in identifying the country of origin of the visitor.

You are required to investigate these incidents seriously and let me know how you are eliminating the bug.

Now that you are notified publicly, if the bug is not rectified and in the next such occasion some visitor files a criminal complaint against the App owner and Google, your company would be liable for the consequences. Such liabilities include the possible imprisonment of your officers working in India. I therefore expect that Google will not neglect this open complaint and take necessary action.”

If any other App owner or member of the public observe similar ads being displayed in any App or website, kindly let me know.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.