Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Authors: Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, Carl A. Gunter

DOI: 10.14722/NDSS.2016.23082

Keywords: Demographics, Ground truth, Advertising, Android (operating system), World Wide Web, Computer science

Abstract: In this work, we systematically explore the potential reach of advertising libraries through these channels. We design a framework called Pluto that can be leveraged to analyze an app and discover whether it exposes targeted user data—such as contact information, interests, demographics, medical conditions and so on—to an opportunistic ad library. We present a prototype implementation of Pluto that embodies novel strategies for using natural language processing to illustrate what targeted data can potentially be learned from an ad network using files and user inputs. Pluto also leverages machine learning and data mining models to reveal what advertising networks can learn from the list of installed apps. We validate Pluto with a collection of apps for which we have determined ground truth about targeted data they may reveal, together with a data set derived from a survey we conducted that gives ground truth for targeted data and corresponding lists of installed apps for about 300 users. We use these to show that Pluto, and hence also opportunistic ad networks, can achieve 75% recall and 80% precision for selected targeted data coming from app files and inputs, and even better results for certain targeted data based on the list of installed apps. Pluto is the first tool that estimates the risk associated with integrating advertising in apps based on the four available channels and arbitrary sets of targeted data.
