Security Experts:

Google to Stop Accepting Flash Ads

Google this week said it would stop accepting display ads built in Adobe Flash starting on Jun. 30, 2016, with plans to completely remove them from its platforms by Jan. 2, 2017.

As of Jun. 30, advertisers will no longer be able to upload display ads built in Flash on Google’s AdWords and DoubleClick Digital Marketing platforms, and the Internet giant says it will stop display such ads at the beginning of next year. To ensure that their ads can still run on these platforms, advertisers are advised to update them to HTML5.

Google’s announcement comes almost half a year after Amazon stopped accepting Flash ads on its online shopping website. At the time, Amazon said that the move, which went into effect on Sept. 1, 2015, was prompted by browser setting in Chrome, Firefox, and Safari, which were meant to limit Flash content displayed on web pages.

The Flash plugin has been long considered a security menace, and experts have often advised both users and developers to move away from the insecure software. Adobe, on the other hand, is working hard on patching vulnerabilities in the popular plugin, and has partnered with researchers and organizations to find and resolve bugs in it.

The large number of security flaws in Flash, however, represents an attractive attack surface for cybercriminals, especially for those behind exploit kits, which often include newly patched vulnerabilities in their malicious programs. In fact, a November report from Recorded Future revealed that eight of the top ten vulnerabilities used by exploit kits in 2015 leveraged flaws in Flash Player.

While Adobe does not seem ready to let the plugin go just yet, other companies are not as keen on keeping insecure software alive. In January, Oracle announced plans to kill the Java browser plugin, a decision triggered by browsers such as Chrome , Firefox, and Edge phasing out support for NPAPI (Netscape Plugin Application Programming Interface).

Google did not cite security concerns as the main trigger for shutting down support for ads built in Flash, but instead says that it is going all in with HTML5, and that the move would help advertisers reach the widest possible audience across screens. In a post on Google+, the company also notes that the transition should result in an enhanced browsing experience for more people on more devices.

In August 2014, Google suggested that AdWords advertisers should adopt HTML5 for their ads at a larger scale, saying that there were “more consumers using the web in HTML5-compatible environments than in Flash-compatible environments” at the time. Advertisers were able to convert ads built in Flash to identical HTML5 ads, and that hasn’t changed until now.

In fact, the Internet giant provides AdWords advertisers with a guide on how they can update their Flash ads to HTML5 to ensure their “creative can continue to show on the Google Display Network” after Jan. 2, 2017. The company also notes that only display ads will be affected by the change, and that video ads built in Flash will not be impacted at this time.

view counter