MOUNTAIN VIEW, CA: Unwanted software such as ad injectors poses a threat to more users' devices than malware, according to a year-long Google study.
The internet giant reported that Google Safe Browsing generates over 60m warnings every week to help users avoid installing unwanted software – more than three times the number of warnings shown for malware.
"Estimates of the incident rate of unwanted software installs on desktop systems are just emerging," the report said. "Prior studies suggest that ad injection affects as many as 5% of browsers and that detection in the Chrome Web Store affects over 50m users."
The software often arrives when users unwittingly download software bundles packaged with several additional applications, a business model known as pay-per-install.
"The most commonly bundled software included unwanted ad injectors, browser settings hijackers, and scareware purporting to fix urgent issues with a victim's machine for $30-40," Google reported in a blog post.
And it added that four of the largest pay-per-install networks "routinely distributed" such material.
"These PPI companies are profiting by catering to unwanted software and assisting them in evading detection," Damon McCoy, assistant professor of computer science and engineering at New York University, told Fortune.
"They legitimise this by including a thin veil of consent skirting the fine line between malware and unwanted software."
Kurt Thomas, a research scientist at Google, blamed the "misaligned incentive" in the PPI model, that sees distributors focused on driving installs to earn money while software owners are "incentivised to recuperate that cost through whatever means possible".
The result, he told Advertising Age, is that "nobody is looking out for the user in the middle of this because no one has to deal with the fallout of the user's system being bloated with unwanted software".
Data sourced from Google, Fortune, Advertising Age; additional content by Warc staff