We received a Phantip this evening about some growing concerns around Mobage, a mobile gaming publisher in the Android Market, who’s games have mysteriously been asking for super user permissions on devices that are rooted. Understandably, there’s cause for alarm given root permissions are typically used for gaining access to features — whether legit or malicious — on an Android device. Just imagine you fire up a casual game of Pocket Frogs and all of a sudden you’re prompted for SU permissions. That’s enough to make anyone paranoid.
After digging around, we’ve found a few responses from Mobage explaining the situation. Apparently, the issue involving app SU requests has little to do with the actual game and more to do with the ad partner Mobage is using to generate revenue from their free apps. According to Mobage, the ad partner’s SDK looks for root on a device and for whatever reason, blocks ads to those devices. Mobage is still unclear as to why an ad agency would want to do this, with speculation involving things like increasing performance for rooted users who use adblocking apps.
It should be noted that our tipster did notice an “extra download” of 15MB after Pocket Frogs asks for SU which is a tad bit sketchy although “security apps” like AVG and Avast didn’t detect a threat.
Mobage did make it clear that they put their top engineer on the case with a fix is already in the works. They hope to have the “offending” apps updated in the Android Market in the coming days and rooted users everywhere can go back to farming for zombies.
While I trust Mobage, the same can’t be said for ad partners who could be doing who-knows-what with the data they phish from your phone. Developers should always be crystal clear with the description of their apps published to the Market and the permissions they request. Malicious apps are an ever growing concern in Android and transparency from developers and publishers are the only way to give some kind of peace of mind. When I download an app, the first thing I look for is how few permissions it asks for. Hope this article helps shed some light on the situation.
Thanks, Thomas!
I swear I’ve been getting “Unknown” phone calls since the first time I installed Tin Tower. Unistalled and I still get them about once a week instead of upwards of 20.
Did you read the TOS? They share your info.
I’m a huge conspiracy theory nut, but I can assure you that we are not selling any of your data, including your phone number to anyone.
I’d be getting those same calls if that were the case (as well as the millions of people who have downloaded Mobage-powered games).
This issue will be fixed in the next few days. Our QA team is currently doing a pass on the bundle that has this fix as well as a number of others for non-related issues.
When I installed “We Rule” and it asked for SU privileges, I just denied it. Come to think of it, I never see ads.
Yeah I Installed Pocket Frogs Earlier And I Denied The SU Privileges I Thought It Was Weird And I Uninstalled It.. Game Sucked Anyways.
“less to do with the game and more to do with the ad ” lol I don’t think so Mr advertiser.
Glad to be of service fellas. Just hate to see some non-savvy Android users get taken advantage of. :) Hopefully it gets fixed.
Interesting bit of additional info tho, that I found after submitting the tip:
Mobage is owned by parent company ngmoco, who in turn was bought out by DeNA.jp … well, as it turns out… DeNA.jp is a notorious scam & fly-by-night company based in Japan, ngmoco being it’s US counterpart. Plenty of scam and ripoff reports on them. Not good business for Mobage if you ask me. Add this on top of it, and you’ve got yourself a nice pot of “oh crap” stew!
Thomas
Paradise island does the samething according to my buddy that hacks games he said it detects hackers and cheaters.
Hey Chris, was there any background to why Mobage is releasing games designed by NimbleBit… the iOS developer?
NimbleBit partnered with ngmoco to feature their Plus+ social gaming network into their games.. DeNa, the company that owns Mobage, purchased ngmoco to expand their platform to the US. I’m assuming that’s how NB got in contact with Mobage to release their games on Android, as they (nimblebit) are strongly against releasing games on various platforms, they like to focus on 1 platform (according to their devs via interviews).
Well then, I suppose that makes sense. NB could’ve picked a better partner had they done their research though. :| DeNA has a bad reputation… period.
We distribute games for a number of great developers, like NimbleBit.
Our QA process did not involve testing on rooted devices, but now does. While we can’t support every custom ROM out there, we definitely want to know if something that could at all even appear malicious is happening because of our software.
The Android community reached out to us on a number of channels, and we have been working with the partner whose SDK contained this bug. This issue should be fixed in the next few days as the bundle that contains this fix is currently in testing.
Nice to see if mobage will come to the g2x
This hasn’t been fixed yet… big surprise.