The fallout from the Adobe Flash hacking scandal continues with the recent announcement that Mozilla Firefox will now block all Adobe Flash content, as well as Google Chrome’s announcement that their default settings will block Flash content unrelated to the webpage beginning September 1, 2015. Already, Chrome’s new Power Saver plugin will stop any site content that users aren’t actively engaging with (for “power-saving” purposes), including Flash-based ads. The increasing pace with which major browsers are abandoning Flash underscores the need for agencies to switch to HTML5, yesterday.
Flash has been dying a long, slow death over the course of several years, ever since Steve Jobs published an open letter criticizing Flash back in 2010, citing Flash’s poor security among other reasons for blocking Flash on mobile Apple devices, including iPhones and iPads. Flash forward to 2015, and it appears that Jobs’ position has now been vindicated with the revelation of three separate “zero-day flaws” in Flash. In other words, there were three previously unknown security threats, with zero days between the discovery of the threat and the initial attack. The security flaws were only revealed after Hacking Team, an Italian security team known for selling intrusion and surveillance technology to countries with poor human rights records, was itself hacked earlier this year. This technology has allowed countries such as Mexico and Sudan to collect some fairly personal information about any number of people, including emails, address books, search history, and phone conversations.
This is only the latest in a laundry list of Adobe Flash security issues. The same year Jobs penned his criticism of Flash, Adobe admitted that it had gone for an entire year without fixing a known vulnerability, and it later announced a critical vulnerability in Android mobile devices. Already, Android users have been encouraged to use Flash only on an on-demand basis, or to disable it entirely. And of course, Flash has been blocked on iPhones, iPod Touch, and iPads for years.
So what does this all mean for agencies? It means that when people visit a site using a Flash-blocking browser, they will face a static, non-dynamic banner that discourages interest and engagement. Or worse, they won’t see anything at all – just an empty gray box. Users can get around this by downloading the Flash plugin, but that’s a lot of time and effort for someone who may already be hesitant to download what could potentially be malware. As an agency running Flash-based campaigns, you might still be registering impressions, even if nothing is actually being displayed. That’s a lot of money down the drain.
HTML5, which is the only application to run across all mobile devices, is replacing Adobe Flash, and agencies that have long relied on Flash need to get on board. Although building new campaigns in HTML5 may be inconvenient, the not-so-distant, Flash-free future is approaching, with or without you.