adPerf: Characterizing the Performance of Third-party Ads

Monetizing websites and web apps through online advertising is widespread in the web ecosystem. The online advertising ecosystem nowadays forces publishers to integrate ads from these third-party domains. On the one hand, this raises several privacy and security concerns that are actively studied in recent years. On the other hand, given the ability of today's browsers to load dynamic web pages with complex animations and Javascript, online advertising has also transformed and can have a significant impact on webpage performance. The performance cost of online ads is critical since it eventually impacts user satisfaction as well as their Internet bill and device energy consumption. In this paper, we apply an in-depth and first-of-a-kind performance evaluation of web ads. Unlike prior efforts that rely primarily on adblockers, we perform a fine-grained analysis on the web browser's page loading process to demystify the performance cost of web ads. We aim to characterize the cost by every component of an ad, so the publisher, ad syndicate, and advertiser can improve the ad's performance with detailed guidance. For this purpose, we develop an infrastructure, adPerf, for the Chrome browser that classifies page loading workloads into ad-related and main-content at the granularity of browser activities (such as Javascript and Layout). Our evaluations show that online advertising entails more than 15% of browser page loading workload and approximately 88% of that is spent on JavaScript. We also track the sources and delivery chain of web ads and analyze performance considering the origin of the ad contents. We observe that 2 of the well-known third-party ad domains contribute to 35% of the ads performance cost and surprisingly, top news websites implicitly include unknown third-party ads which in some cases build up to more than 37% of the ads performance cost

Mitigating man-in-the-middle attacks on mobile devices by blocking insecure http traffic without using vpn

Mobile devices are constantly connected to the Internet, making countless connections with remote services. Unfortunately, many of these connections are in cleartext, visible to third-parties while in transit. This is insecure and opens up the possibility for man-in-the-middle attacks. While there is little control over what kind of connection running apps can make, this paper presents a solution in blocking insecure HTTP packets from leaving the device. Specifically, the proposed solution works on the device, without the need to tunnel packets to a remote VPN server, and without special privileges such as root access. Speed tests were performed to quantify how much network speed is being impacted while filtering. To investigate how blocking HTTP traffic can affect day-to-day usage, common tasks were put to the tests, tasks such as browsing, searching, emailing, instant messaging, social networking, consuming streaming content, and gaming. The results from the tests are interesting, websites that do not support HTTPS were exposed, apps that do not fully support HTTPS were also being uncovered. One surprisingly, and arguably pleasant, side effect was discovered – the filtering solution blocks out advertisements in all of the games being tested, hence contributing to an improved gaming experience

Android Application Security Scanning Process

This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process

Measuring and Analysing the Chain of Implicit Trust: AStudy of Third-party Resources Loading

The web is a tangled mass of interconnected services, whereby websites import a range of external resources from various third-party domains. The latter can also load further resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first-party and transitively connected third parties. The chain can only be loosely controlled as first-party websites often have little, if any, visibility on where these resources are loaded from. This article performs a large-scale study of dependency chains in the web to find that around 50% of first-party websites render content that they do not directly load. Although the majority (84.91%) of websites have short dependency chains (below three levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third parties are classified as suspicious—although seemingly small, this limited set of suspicious third parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third parties, and 24.8% of first-party webpages contain at least three third parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activities with the majority of suspicious JavaScript codes downloading malware