5,220 research outputs found
Characterizing Location-based Mobile Tracking in Mobile Ad Networks
Mobile apps nowadays are often packaged with third-party ad libraries to
monetize user data
MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs
Smartphones, the devices we carry everywhere with us, are being heavily
tracked and have undoubtedly become a major threat to our privacy. As "tracking
the trackers" has become a necessity, various static and dynamic analysis tools
have been developed in the past. However, today, we still lack suitable tools
to detect, measure and compare the ongoing tracking across mobile OSs. To this
end, we propose MobileAppScrutinator, based on a simple yet efficient dynamic
analysis approach, that works on both Android and iOS (the two most popular OSs
today). To demonstrate the current trend in tracking, we select 140 most
representative Apps available on both Android and iOS AppStores and test them
with MobileAppScrutinator. In fact, choosing the same set of apps on both
Android and iOS also enables us to compare the ongoing tracking on these two
OSs. Finally, we also discuss the effectiveness of privacy safeguards available
on Android and iOS. We show that neither Android nor iOS privacy safeguards in
their present state are completely satisfying
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
It is well known that apps running on mobile devices extensively track and
leak users' personally identifiable information (PII); however, these users
have little visibility into PII leaked through the network traffic generated by
their devices, and have poor control over how, when and where that traffic is
sent and handled by third parties. In this paper, we present the design,
implementation, and evaluation of ReCon: a cross-platform system that reveals
PII leaks and gives users control over them without requiring any special
privileges or custom OSes. ReCon leverages machine learning to reveal potential
PII leaks by inspecting network traffic, and provides a visualization tool to
empower users with the ability to control these leaks via blocking or
substitution of PII. We evaluate ReCon's effectiveness with measurements from
controlled experiments using leaks from the 100 most popular iOS, Android, and
Windows Phone apps, and via an IRB-approved user study with 92 participants. We
show that ReCon is accurate, efficient, and identifies a wider range of PII
than previous approaches.Comment: Please use MobiSys version when referencing this work:
http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field.Comment: 55 page
Online advertising: analysis of privacy threats and protection approaches
Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft
User Privacy Leakage in Location-based Mobile Ad Services
The online advertising ecosystem leverages its massive data collection capability to learn the properties of users for targeted ad deliveries. Many Android app developers include ad libraries in their apps as a way of monetization. These ad libraries contain advertisements from the sell-side platforms, which collect an extensive set of sensitive information to provide more relevant advertisements for their customers. Existing efforts have investigated the increasingly pervasive private data collection of mobile ad networks over time. However, there lacks a measurement study to evaluate the scale of privacy leakage of ad networks across different geographical areas. In this work, we present a measurement study of the potential privacy leakage in mobile advertising services conducted across different locations. We develop an automated measurement system to intercept mobile traffic at different locations and perform data analysis to pinpoint data collection behaviors of ad networks at both the app-level and organization-level. With 1,100 popular apps running across 10 different locations, we perform extensive threat assessments for different ad networks. Meanwhile, we explore the ad-blockers’ behavior in the ecosystem of ad networks, and whether those ad-blockers are actually capturing the users’ private data in the meantime of blocking the ads.
We find that: the number of location-based ads tends to be positively related to the population density of locations, ad networks collect different types of data across different locations, and ad-blockers can block the private data leakage
On the Privacy Practices of Just Plain Sites
In addition to visiting high profile sites such as Facebook and Google, web
users often visit more modest sites, such as those operated by bloggers, or by
local organizations such as schools. Such sites, which we call "Just Plain
Sites" (JPSs) are likely to inadvertently represent greater privacy risks than
high profile sites by virtue of being unable to afford privacy expertise. To
assess the prevalence of the privacy risks to which JPSs may inadvertently be
exposing their visitors, we analyzed a number of easily observed privacy
practices of such sites. We found that many JPSs collect a great deal of
information from their visitors, share a great deal of information about their
visitors with third parties, permit a great deal of tracking of their visitors,
and use deprecated or unsafe security practices. Our goal in this work is not
to scold JPS operators, but to raise awareness of these facts among both JPS
operators and visitors, possibly encouraging the operators of such sites to
take greater care in their implementations, and visitors to take greater care
in how, when, and what they share.Comment: 10 pages, 7 figures, 6 tables, 5 authors, and a partridge in a pear
tre
- …