research-article

AdDroid: privilege separation for applications and advertisers in Android

Authors:

Paul Pearce,

Adrienne Porter Felt,

Gabriel Nunez,

David WagnerAuthors Info & Claims

ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Pages 71 - 72

https://doi.org/10.1145/2414456.2414498

Published: 02 May 2012 Publication History

Get Access

Abstract

Advertising is a critical part of the Android ecosystem---many applications use one or more advertising services as a source of revenue. To use these services, developers must bundle third-party, binary-only libraries into their applications. In this model, applications and their advertising libraries share permissions. Advertising-supported applications must request multiple privacy-sensitive permissions on behalf of their advertising libraries, and advertising libraries receive access to all of their host applications' other permissions. We conducted a study of the Android Market and found that 49% of Android applications contain at least one advertising library, and these libraries overprivilege 46% of advertising-supported applications. Further, we find that 56% of the applications with advertisements that request location (34% of all applications) do so only because of advertisements. Such pervasive overprivileging is a threat to user privacy. We introduce AdDroid, a privilege separated advertising framework for the Android platform. AdDroid introduces a new advertising API and corresponding advertising permissions for the Android platform. This enables AdDroid to separate privileged advertising functionality from host applications, allowing applications to show advertisements without requesting privacy-sensitive permissions.

References

[1]

AdMob: Mobile Advertising. http://www.admob.com/.

Google Scholar

[2]

Android Market. https://market.android.com/.

Google Scholar

[3]

Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. Android Permissions: User Attention, Comprehension, and Behavior. Tech. Rep. UCB/EECS-2012-26, University of California Berkeley, 2012.

Digital Library

Google Scholar

[4]

Grace, M., Zhou, W., Jiang, X., and Sadeghi, A.-R. Unsafe Exposure Analysis of Mobile In-App Advertisements. In Conference on Security and Privacy in Wireless and Mobile Networks (WiSEC) (2012).

Digital Library

Google Scholar

[5]

Mobile Advertising with Millennial Media. http://www.millennialmedia.com/.

Google Scholar

Cited By

View all

Shah TSampangi RSiegel A(2024)Mobile Application Security Risk Score: A sensitive user input-based approach2024 IEEE 3rd International Conference on AI in Cybersecurity (ICAIC)10.1109/ICAIC60265.2024.10433828(1-10)Online publication date: 7-Feb-2024
https://doi.org/10.1109/ICAIC60265.2024.10433828
Xinyu LZe JJiaxi LWei LXiaoxi WQixu L(2023)ANDetect: A Third-party Ad Network Libraries Detection Framework for Android ApplicationsProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627182(98-112)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627182
Ahad AWang GKim CJana SLin ZKwon YAamodt TSwift MJerger N(2023)FreePart: Hardening Data Processing Software via Framework-based Partitioning and IsolationProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624760(169-188)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624760
Show More Cited By

Index Terms

AdDroid: privilege separation for applications and advertisers in Android

Recommendations

AdDroid: Rule-Based Machine Learning Framework for Android Malware Analysis
Abstract
Recent years have witnessed huge growth in Android malware development. Colossal reliance on Android applications for day to day working and their massive development dictates for an automated mechanism to distinguish malicious applications from ...
Internet Marketing: Learn Proven Methods to Making as an Internet Marketer Today
Business leadership: Influence and Lead ! Fundamentals for Personal and Profess

Comments

Information & Contributors

Information

Published In

ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

May 2012

119 pages

ISBN:9781450316484

DOI:10.1145/2414456

General Chairs:
Heung Youl Youm
SoonChunHyang University, Korea
,
Yoojae Won
Kisa, Korea

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 May 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ASIA CCS '12

Sponsor:

SIGSAC

ASIA CCS '12: 7th ACM Symposium on Information, Compuer and Communications Security

May 2 - 4, 2012

Seoul, Korea

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

166
Total Citations
View Citations
1,178
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Shah TSampangi RSiegel A(2024)Mobile Application Security Risk Score: A sensitive user input-based approach2024 IEEE 3rd International Conference on AI in Cybersecurity (ICAIC)10.1109/ICAIC60265.2024.10433828(1-10)Online publication date: 7-Feb-2024
https://doi.org/10.1109/ICAIC60265.2024.10433828
Xinyu LZe JJiaxi LWei LXiaoxi WQixu L(2023)ANDetect: A Third-party Ad Network Libraries Detection Framework for Android ApplicationsProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627182(98-112)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627182
Ahad AWang GKim CJana SLin ZKwon YAamodt TSwift MJerger N(2023)FreePart: Hardening Data Processing Software via Framework-based Partitioning and IsolationProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 410.1145/3623278.3624760(169-188)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3623278.3624760
Zhao KZhan XYu LZhou SZhou HLuo XWang HLiu Y(2023)Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00137(1583-1595)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00137
Lou JZhang XZhang YLi XYuan XZhang N(2023)Devils in Your Apps: Vulnerabilities and User Privacy Exposure in Mobile Notification Systems2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58367.2023.00017(28-41)Online publication date: Jun-2023
https://doi.org/10.1109/DSN58367.2023.00017
Joseph AYadav NGanapathy VBehl DJayachandran P(2023)Data Protection in Permissioned Blockchains using Privilege Separation2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS56262.2023.10041304(748-756)Online publication date: 3-Jan-2023
https://doi.org/10.1109/COMSNETS56262.2023.10041304
Inshi SElarbi MChowdhury ROuld-Slimane HTalhi C(2022)CAPEF: Context-Aware Policy Enforcement Framework for Android ApplicationsJournal of Engineering Research and Sciences10.55708/js02010022:1(13-23)Online publication date: Jan-2022
https://doi.org/10.55708/js0201002
Liu BLiu LZhang J(2022)Detection and Analysis Ads Through the Mini-ProgramsInternational Journal of Interdisciplinary Telecommunications and Networking10.4018/IJITN.30970014:1(1-13)Online publication date: 30-Sep-2022
https://dl.acm.org/doi/10.4018/IJITN.309700
Hasan MGhavamnia SPolychronakis M(2022)Decap: Deprivileging Programs by Reducing Their CapabilitiesProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545978(395-408)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545978
Zhan XLiu TFan LLi LChen SLuo XLiu Y(2022)Research on Third-Party Libraries in Android Apps: A Taxonomy and Systematic Literature ReviewIEEE Transactions on Software Engineering10.1109/TSE.2021.311438148:10(4181-4213)Online publication date: 1-Oct-2022
https://doi.org/10.1109/TSE.2021.3114381
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

AdDroid: Rule-Based Machine Learning Framework for Android Malware Analysis

Internet Marketing: Learn Proven Methods to Making as an Internet Marketer Today

Business leadership: Influence and Lead ! Fundamentals for Personal and Profess

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

AdDroid: Rule-Based Machine Learning Framework for Android Malware Analysis

Internet Marketing: Learn Proven Methods to Making as an Internet Marketer Today

Business leadership: Influence and Lead ! Fundamentals for Personal and Profess

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations