Researchers from North Carolina State University and Purdue University have found in separate studies that some mobile applications (apps) which come with adverts pose privacy and security risks and also drain smartphone batteries faster. The North Carolina study, carried out between March and May 2011, looked at 100,000 apps in the official Google Play market, and researchers noticed that more than half contained so-called ad libraries; and 297 of the apps included aggressive ad libraries that were enabled to download and run code from remote servers, which they claim raises significant privacy and security concerns. The report, titled “Unsafe Exposure Analysis of Mobile In-App Advertisements”, quoted one of the lead researchers, Dr. Xuxian Jiang of NC State University as saying "running code downloaded from the Internet is problematic because the code could be anything." "For example, it could potentially launch a 'root exploit' attack to take control of your phone as demonstrated in a recently discovered piece of Android malware called RootSmart," he added. Many developers offer free apps in Android Market (now called Google Play) and other markets, and they include ad libraries, which retrieve ads from remote servers belonging to Google, Apple and others, and the app developers generate revenue, anytime the ad plays on the user’s smart phone or tablet. The challenge is that anytime a phone user installs or permits an app, the ad libraries also receive the same permissions regardless of whether the user was aware he or she was granting permissions to the ad library. Dr. Jiang's team found that 297 of the apps (1 out of every 337 apps) used ad libraries "that made use of an unsafe mechanism to fetch and run code from the Internet - a behavior that has troubling privacy and security implications,” Jiang said. The team also found 48,139 of the apps (1 in 2.1) had ad libraries that track a user's location via GPS, presumably to allow an ad library to better target ads to the user. The report also said 4,190 apps (1 in 23.4) used ad libraries that also allowed advertisers themselves to access a user's location via GPS, adding that other information accessed by some ad libraries included call logs, user phone numbers and lists of all the apps a user has stored on his or her phone. Dr. Jiang noted that the ad libraries themselves may be harmless but they pose security risks because they offer a way for third parties, including hackers, to bypass existing Android security efforts, adding that they may also download harmful or invasive code after installation. "To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don't have the same permissions," Jiang says. “The best solution would be for Google, Apple and other mobile platform providers to take the lead in providing effective ad-isolation mechanisms." The other study carried out in Purdue University also found that smartphone apps that are offered for free to customers, and funded by advertising within the app could have a hidden cost for the users - in the form of much faster battery drain. Researchers analyzed Android and Windows Phone based devices, and found that as much as three-quarters of the power drain by a mobile app could be put down to the in-app adverts. The researchers said they were able to monitor the battery drain by modifying the handsets then running the apps on them. The author of the report, Abhinav Pathak said that app developers need to be more aware of the energy drain that 3rd-party plug-ins such as advertising or usage analytics can generate. In the case of one hugely popular app, called the Angry Birds game, the research suggested that only a fifth of the energy consumption was devoted to playing the game itself, but nearly half went to the location based tracker that is needed to serve localized adverts.