Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.

Published byJacob Phillip Robinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch."— Presentation transcript:

1 Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch

2 Android Security Permission Model Protection LevelDescription NormalLow-Risk Permissions Granted to any package requesting them DangerousHigh-risk permissions that requires user confirmation SignatureOnly packages with the same author can request the permission SignatureOrSystemBoth packages with the same author and packages installed in the system image can request the permission

3 Android Security Permission Model Issues Android’s current system is unable to determine the difference between an app and an ad library. Ad libraries embedded in an app will undermine Android’s security system.  Inherit the permissions granted to an app.  Collect personal information and provide it to advertisers.

4 More Android Security Permission Model Issues Ad libraries are given the same permissions as the apps that contain the ad libraries. No solution is presented to isolate permissions granted to an app from permissions granted to an ad library.

5 Data Does not Lead to a Solution to Protect User Privacy Conclusion mentions need for a change the way existing ad libraries are integrated into apps.  How? Where is the experimental data that points to a solution? Approaches that have attempted to address the issue are dismissed and no alternative is presented.

6 Other Methods that Address User Privacy H. Haddadi, P. Hui, and I. Brown. MobiAd: Private and Scalable Mobile Advertising. In Proceedings of the 5th ACM International Workshop on Mobility in the Evolving Internet Architecture, MobiArch ’10, pages 33–38, September 2010. S. Guha, B. Cheng, and P. Francis. Privad: Practical Privacy in Online Advertising. In Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation, NSDI ’11, March 2011.

7 Ad Libraries Ad libraries request information that is not useful to them. What is the basis for your claim that an app’s user cannot determine which ad libraries the app contains? ◦ Your paper analyzes ad libraries that exist within 10,000 apps. ◦ Discovered which ad libraries are in which apps.

8 Lack of Evidence Issue with ad libraries is that they fetch and load dynamic code. Mention that there are 5 ad libraries that have this unsafe behavior.  Which five? How was this detected?

9 Tool Performance Tested performance of AdRisk on 5 ad libraries.  1/20 th of the sample size. Why was the performance measured on 5 ad libraries, and not on all 100 ad libraries.

10 Summary of Problems With this Paper Make statements about results from research but fail to provide a suggestion for a solution. Often fail to back up statements with actual results. Lack of evidence. Tool performance.

Download ppt "Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch."

Similar presentations

The Future Internet: A clean-slate design? Nicholas Erho.

The Future Internet: A clean-slate design? Nicholas Erho.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.
Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.
Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Top 5 Small Business Tips on Creating a Mobile App.

Top 5 Small Business Tips on Creating a Mobile App.
Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps Bin Liu (SRA), Bin Liu (CMU), Hongxia Jin (SRA), Ramesh Govindan (USC)

Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps Bin Liu (SRA), Bin Liu (CMU), Hongxia Jin (SRA), Ramesh Govindan (USC)
Sharing Geographic Content

Sharing Geographic Content
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.

Enhancing User Privacy on Android Devices Bachelor of Computer Science (Honours) Name: Quang Do Supervisor: Raymond Choo Associate Supervisor: Ben Martini.
2015. 6. 26 박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST). 2012.

박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST)
1 / 18 Fariba alamshahi Secure Routing and Intrusion Detection in Ad Hoc Networks Supervisor: Mr.zaker Translator: fariba alamshahi.

1 / 18 Fariba alamshahi Secure Routing and Intrusion Detection in Ad Hoc Networks Supervisor: Mr.zaker Translator: fariba alamshahi.
Auditing Cloud Administrators Using Information Flow Tracking Afshar David ACM Scalable Trusted Computing.

Auditing Cloud Administrators Using Information Flow Tracking Afshar David ACM Scalable Trusted Computing.
Aims and Objectives.

Aims and Objectives.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
Experimenting with Programmable Management Policies over GENI ProtoRINA over GENI Abraham Matta Yuefeng Wang Computer Science Department Boston University.

Experimenting with Programmable Management Policies over GENI ProtoRINA over GENI Abraham Matta Yuefeng Wang Computer Science Department Boston University.
A Presentation Of TaintDroid & Related Topics

A Presentation Of TaintDroid & Related Topics
1 22 August 2001 The Security Architecture of the M&M Mobile Agent Framework P. Marques, N. Santos, L. Silva, J. Silva CISUC, University of Coimbra, Portugal.

1 22 August 2001 The Security Architecture of the M&M Mobile Agent Framework P. Marques, N. Santos, L. Silva, J. Silva CISUC, University of Coimbra, Portugal.

Similar presentations

Ads by Google