Towards a Framework to Facilitate the Mobile Advertising Ecosystem

To date, app developers are allowed to monetize their apps in two services: in-app advertising and in-app billing. Of these two, in-app billing is not prevalently used by users, whereas in-app advertising is considered an important funding source for developers. However, this service incurs a number of criticisms: (1) users must passively receive all mobile ads while using apps, (2) users get nothing from viewing or clicking ads, (3) ad networks transfer user private information to remote servers in an unencrypted format without user consent, and (4) negative impressions brought from irrelevant ads may harm the advertised brands. To overcome these problems, we propose In-App AdPay, a framework that combines the advantages of "in-app advertising" and "in-app billing" together so that ad networks can overtly ask users' permissions in order to serve more tailored ads, but in return, advertisers will pay targeted users' virtual transactions within the app (e.g., coins in mobile games) via a secure channel. While mobile users can be brought into the monetization loop, it will be technically and legitimately easier for ad networks to study users. We implemented the proof-of-concept framework and conducted a test with 42 volunteers. Based on these studies, we believe that "In-App AdPay" would balance user privacy and user experience without interfering with the existing monetization arrangements. Lastly, we reveal how tracked-by-consent users react in different test scenarios and value the permissions used in ad libraries.

[1]  Dan S. Wallach,et al.  An Empirical Study of Mobile Ad Targeting , 2015, ArXiv.

[2]  Hao Chen,et al.  Quantifying the Effects of Removing Permissions from Android Applications , 2013 .

[3]  Ninghui Li,et al.  Dimensions of Risk in Mobile Applications: A User Study , 2015, CODASPY.

[4]  Ryan Stevens,et al.  MAdFraud: investigating ad fraud in android applications , 2014, MobiSys.

[5]  Deborah Estrin,et al.  A first look at traffic on smartphones , 2010, IMC '10.

[6]  Hongxia Jin,et al.  Efficient Privilege De-Escalation for Ad Libraries in Mobile Apps , 2015, MobiSys.

[7]  Tadayoshi Kohno,et al.  Securing Embedded User Interfaces: Android and Beyond , 2013, USENIX Security Symposium.

[8]  Norman M. Sadeh,et al.  Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014, SOUPS.

[9]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[10]  Yuan Zhang,et al.  Vetting undesirable behaviors in android apps with permission use analysis , 2013, CCS.

[11]  Xiao Zhang,et al.  AFrame: isolating advertisements from mobile applications in Android , 2013, ACSAC.

[12]  William K. Robertson,et al.  VirtualSwindle: an automated attack against in-app billing on android , 2014, AsiaCCS.

[13]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[14]  Hao Chen,et al.  Investigating User Privacy in Android Ad Libraries , 2012 .

[15]  David A. Wagner,et al.  How to Ask for Permission , 2012, HotSec.

[16]  Wei Xu,et al.  Permlyzer: Analyzing permission usage in Android applications , 2013, 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE).

[17]  Lorrie Faith Cranor,et al.  Privacy as part of the app decision-making process , 2013, CHI.

[18]  Dan S. Wallach,et al.  A case of collusion: a study of the interface between ad libraries and their apps , 2013, SPSM '13.

[19]  Yubin Xia,et al.  AdAttester: Secure Online Mobile Advertisement Attestation Using TrustZone , 2015, MobiSys.

[20]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[21]  Narseo Vallina-Rodriguez,et al.  Breaking for commercials: characterizing mobile advertising , 2012, Internet Measurement Conference.

[22]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[23]  Suman Nath,et al.  MAdScope: Characterizing Mobile In-App Targeted Ads , 2015, MobiSys.

[24]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[25]  Dan S. Wallach,et al.  Longitudinal Analysis of Android Ad Library Permissions , 2013, ArXiv.