
Unsafe Exposure Analysis of Mobile In-App Advertisements



Presentation Transcript


  1. Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch

  2. Android Security Permission Model

  3. Android Security Permission Model Issues
     • Android’s current system is unable to determine the difference between an app and an ad library.
     • Ad libraries embedded in an app will undermine Android’s security system.
     • Inherit the permissions granted to an app.
     • Collect personal information and provide it to advertisers.

  4. More Android Security Permission Model Issues
     • Ad libraries are given the same permissions as the apps that contain the ad libraries.
     • No solution is presented to isolate permissions granted to an app from permissions granted to an ad library.

  5. Data Does Not Lead to a Solution to Protect User Privacy
     • Conclusion mentions the need for a change in the way existing ad libraries are integrated into apps.
     • How?
     • Where is the experimental data that points to a solution?
     • Approaches that have attempted to address the issue are dismissed and no alternative is presented.

  6. Other Methods that Address User Privacy
     • H. Haddadi, P. Hui, and I. Brown. MobiAd: Private and Scalable Mobile Advertising. In Proceedings of the 5th ACM International Workshop on Mobility in the Evolving Internet Architecture, MobiArch ’10, pages 33–38, September 2010.
     • S. Guha, B. Cheng, and P. Francis. Privad: Practical Privacy in Online Advertising. In Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation, NSDI ’11, March 2011.

  7. Ad Libraries
     • Ad libraries request information that is not useful to them.
     • What is the basis for your claim that an app’s user cannot determine which ad libraries the app contains?
     • Your paper analyzes ad libraries that exist within 10,000 apps.
     • Discovered which ad libraries are in which apps.

  8. Lack of Evidence
     • Issue with ad libraries is that they fetch and load dynamic code.
     • Mention that there are 5 ad libraries that have this unsafe behavior.
     • Which five? How was this detected?

  9. Tool Performance
     • Tested performance of AdRisk on 5 ad libraries.
     • 1/20th of the sample size.
     • Why was the performance measured on 5 ad libraries, and not on all 100 ad libraries?

  10. Summary of Problems With this Paper
     • Make statements about results from research but fail to provide a suggestion for a solution.
     • Often fail to back up statements with actual results.
     • Lack of evidence.
     • Tool performance.
