Towards an understanding of the impact of advertising on data leaks

Moonsamy, Veelasha; Alazab, Moutaz; Batten, Lynn Margaret

doi:10.1504/ijsn.2012.052540

Cited by 25 publications

(15 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Studying the scoring of LESK with respect to one of our most popular user interests in our L1 dataset we found it to be problematic. When comparing the matching goal workout with the category Health and Fitness, LESK assigns it one of the lowest scores (33), with the maximum score assigned to the (workout, books and references) pair (113).…”

Section: Nlp In Plutomentioning

confidence: 99%

“…Mobiles often contain sensitive information about user attributes which users might not comfortably share with advertising networks but could make valuable targeted data. This, in turn, led to a substantial line of research on privacy and advertising on mobiles in two general areas: (1) strategies for detection and prevention [53], [43], [17], [31], [33], [18], [50], [52], [7], [47], [48], [35], and (2) architectures and protocols that improve privacy protections [19], [36], [40], [29]. The first of these approaches primarily provides insights into the current practices of advertisers and advertising networks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Demetriou

Merrill²,

Yang

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Many studies focused on detecting and measuring the security and privacy risks associated with the integration of advertising libraries in mobile apps. These studies consistently demonstrate the abuses of existing ad libraries. However, to fully assess the risks of an app that uses an advertising library, we need to take into account not only the current behaviors but all of the allowed behaviors that could result in the compromise of user data confidentiality. Ad libraries on Android have potential for greater data collection through at least four major channels: using unprotected APIs to learn other apps' information on the phone (e.g., app names); using protected APIs via permissions inherited from the host app to access sensitive information (e.g. Google and Facebook account information, geo locations); gaining access to files which the host app stores in its own protection domain; and observing user inputs into the host app.In this work, we systematically explore the potential reach of advertising libraries through these channels. We design a framework called Pluto that can be leveraged to analyze an app and discover whether it exposes targeted user data-such as contact information, interests, demographics, medical conditions and so on--to an opportunistic ad library. We present a prototype implementation of Pluto, that embodies novel strategies for using natural language processing to illustrate what targeted data can potentially be learned from an ad network using files and user inputs. Pluto also leverages machine learning and data mining models to reveal what advertising networks can learn from the list of installed apps. We validate Pluto with a collection of apps for which we have determined ground truth about targeted data they may reveal, together with a data set derived from a survey we conducted that gives ground truth for targeted data and corresponding lists of installed apps for about 300 users. We use these to show that Pluto, and hence also opportunistic ad networks, can achieve 75% recall and 80% precision for selected targeted data coming from app files and inputs, and even better results for certain targeted data based on the list of installed apps. Pluto is the first tool that estimates the risk associated with integrating advertising in apps based on the four available channels and arbitrary sets of targeted data.

show abstract

Section: Nlp In Plutomentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Demetriou

Merrill²,

Yang

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…CrowDroid [9] is an offline analysis over traces that can be leveraged to identify malicious apps through examining their behavior via crowdsourcing. Moonsamy et al [27] provided a thorough investigation and classification of 123 apps using static and dynamic techniques over the apps' Java source code. Grace et al [21] showed that ad frameworks opportunistically scan and leverage permissions granted by the app they are called from.…”

Section: Related Workmentioning

confidence: 99%

Information flows as a permission mechanism

Shen

Vishnubhotla

Todarka

et al. 2014

Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering

View full text Add to dashboard Cite

This paper proposes Flow Permissions, an extension to the Android permission mechanism. Unlike the existing permission mechanism, our permission mechanism contains semantic information based on information flows. Flow Permissions allow users to examine and grant per-app information flows within an application (e.g., a permission for reading the phone number and sending it over the network) as well as cross-app information flows across multiple applications (e.g., a permission for reading the phone number and sending it to another application already installed on the user's phone). Our goal with Flow Permissions is to provide visibility into the holistic behavior of the applications installed on a user's phone. In order to support Flow Permissions on Android, we have developed a static analysis engine that detects flows within an Android application. We have also modified Android's existing permission mechanism and installation procedure to support Flow Permissions. We evaluate our prototype with 2,992 popular applications and 1,047 malicious applications and show that our design is practical and effective in deriving Flow Permissions. We validate our cross-app flow generation and installation procedure on a Galaxy Nexus smartphone.

show abstract

“…crowdsourcing. Moonsamy et al [24] provided a thorough investigation and classification of 123 apps using static and dynamic techniques over the apps' Java source code. Grace et al [8] showed that ad frameworks opportunistically scan and leverage permissions granted by the app they are called from.…”

Section: Related Workmentioning

confidence: 99%

Flow Permissions for Android

Holavanalli

Manuel

Nanjundaswamy

et al. 2013

2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

Abstract-This paper proposes Flow Permissions, an extension to the Android permission mechanism. Unlike the existing permission mechanism our permission mechanism contains semantic information based on information flows. Flow Permissions allow users to examine and grant explicit information flows within an application (e.g., a permission for reading the phone number and sending it over the network) as well as implicit information flows across multiple applications (e.g., a permission for reading the phone number and sending it to another application already installed on the user's phone). Our goal with Flow Permissions is to provide visibility into the holistic behavior of the applications installed on a user's phone. Our evaluation compares our approach to dynamic flow tracking techniques; our results with 600 popular applications and 1,200 malicious applications show that our approach is practical and effective in deriving Flow Permissions statically.

show abstract

Towards an understanding of the impact of advertising on data leaks

Cited by 25 publications

References 17 publications

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Information flows as a permission mechanism

Flow Permissions for Android

Contact Info

Product

Resources

About