Featured Research

from universities, journals, and other organizations

Including ads in mobile apps poses privacy, security risks

Date:
March 19, 2012
Source:
North Carolina State University
Summary:
Researchers have found that including ads in mobile applications poses privacy and security risks. In a recent study of 100,000 apps in the official Google Play market, researchers noticed that more than half contained so-called ad libraries. And 297 of the apps included aggressive ad libraries that were enabled to download and run code from remote servers -- which raises significant privacy and security concerns.

Researchers from North Carolina State University have found that including ads in mobile applications (apps) poses privacy and security risks. In a recent study of 100,000 apps in the official Google Play market, researchers noticed that more than half contained so-called ad libraries. And 297 of the apps included aggressive ad libraries that were enabled to download and run code from remote servers -- which raises significant privacy and security concerns.

Related Articles


"Running code downloaded from the Internet is problematic because the code could be anything," says Dr. Xuxian Jiang, an assistant professor of computer science at NC State and co-author of a paper describing the work. "For example, it could potentially launch a 'root exploit' attack to take control of your phone -- as demonstrated in a recently discovered piece of Android malware called RootSmart."

In Google Play (formerly known as the Android Market) and other markets, many developers offer free apps. To generate revenue, these app developers incorporate "in-app ad libraries," which are provided by Google, Apple or other third-parties. These ad libraries retrieve advertisements from remote servers and run the ads on a user's smartphone periodically. Every time an ad runs, the app developer receives a payment.

This poses potential problems because the ad libraries receive the same permissions that the user granted to the app itself when it was installed -- regardless of whether the user was aware he or she was granting permissions to the ad library.

Jiang's team looked at a sample of 100,000 apps available on Google Play between March and May 2011 and examined the 100 representative ad libraries used by those apps. One significant find was that 297 of the apps (1 out of every 337 apps) used ad libraries "that made use of an unsafe mechanism to fetch and run code from the Internet -- a behavior that is not necessary for their mission, yet has troubling privacy and security implications," Jiang says. But that is only the most extreme example.

Jiang's team found that 48,139 of the apps (1 in 2.1) had ad libraries that track a user's location via GPS, presumably to allow an ad library to better target ads to the user. However, 4,190 apps (1 in 23.4) used ad libraries that also allowed advertisers themselves to access a user's location via GPS. Other information accessed by some ad libraries included call logs, user phone numbers and lists of all the apps a user has stored on his or her phone.

These ad libraries pose security risks because they offer a way for third parties -- including hackers -- to bypass existing Android security efforts. Specifically, the app itself may be harmless, so it won't trigger any security concerns. But the app's ad library may download harmful or invasive code after installation.

"To limit exposure to these risks, we need to isolate ad libraries from apps and make sure they don't have the same permissions," Jiang says. "The current model of directly embedding ad libraries in mobile apps does make it convenient for app developers, but also fundamentally introduces privacy and security risks. The best solution would be for Google, Apple and other mobile platform providers to take the lead in providing effective ad-isolation mechanisms."

The paper, "Unsafe Exposure Analysis of Mobile In-App Advertisements," was co-authored by Jiang; NC State Ph.D. students Michael Grace and Wu Zhou; and Dr. Ahmad-Reza Sadeghi of the Technical University Darmstadt. The paper will be presented April 17 at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson. The research was supported by the National Science Foundation.


Story Source:

The above story is based on materials provided by North Carolina State University. Note: Materials may be edited for content and length.


Cite This Page:

North Carolina State University. "Including ads in mobile apps poses privacy, security risks." ScienceDaily. ScienceDaily, 19 March 2012. <www.sciencedaily.com/releases/2012/03/120319111733.htm>.
North Carolina State University. (2012, March 19). Including ads in mobile apps poses privacy, security risks. ScienceDaily. Retrieved October 24, 2014 from www.sciencedaily.com/releases/2012/03/120319111733.htm
North Carolina State University. "Including ads in mobile apps poses privacy, security risks." ScienceDaily. www.sciencedaily.com/releases/2012/03/120319111733.htm (accessed October 24, 2014).

Share This



More Computers & Math News

Friday, October 24, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

The Best Apps to Organize Your Life

The Best Apps to Organize Your Life

Buzz60 (Oct. 23, 2014) — Need help organizing your bills, schedules and other things? Ko Im (@konakafe) has the best apps to help you stay on top of it all! Video provided by Buzz60
Powered by NewsLook.com
Nike And Apple Team Up To Create Wearable ... Something

Nike And Apple Team Up To Create Wearable ... Something

Newsy (Oct. 23, 2014) — For those looking for wearable tech that's significantly less nerdy than Google Glass, Nike CEO Mark Parker says don't worry, It's on the way. Video provided by Newsy
Powered by NewsLook.com
Chameleon Camouflage to Give Tanks Cloaking Capabilities

Chameleon Camouflage to Give Tanks Cloaking Capabilities

Reuters - Innovations Video Online (Oct. 22, 2014) — Inspired by the way a chameleon changes its colour to disguise itself; scientists in Poland want to replace traditional camouflage paint with thousands of electrochromic plates that will continuously change colour to blend with its surroundings. The first PL-01 concept tank prototype will be tested within a few years, with scientists predicting that a similar technology could even be woven into the fabric of a soldiers' clothing making them virtually invisible to the naked eye. Matthew Stock reports. Video provided by Reuters
Powered by NewsLook.com
Internet of Things Aims to Smarten Your Life

Internet of Things Aims to Smarten Your Life

AP (Oct. 22, 2014) — As more and more Bluetooth-enabled devices are reaching consumers, developers are busy connecting them together as part of the Internet of Things. (Oct. 22) Video provided by AP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins