论文信息 - Android applications: Data leaks via advertising libraries

Android applications: Data leaks via advertising libraries

Recent studies have determined that many Android applications in both official and non-official online markets expose details of the users' smartphones without user consent. In this paper, we explain why such applications leak, how they leak and where the data is leaked to. In order to achieve this, we combine static and dynamic analysis to examine Java classes and application behaviour for a set of popular, clean applications from the Finance and Games categories. We observed that all the applications in our data set which leaked information (10%) had third-party advertising libraries embedded in their respective Java packages.

Veelasha Moonsamy | Lynn Batten

[1] Xuxian Jiang,et al. Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[2] Siu-Ming Yiu,et al. DroidChecker: analyzing android applications for capability leak , 2012, WISEC '12.

[3] Artem Starostin,et al. A framework for static detection of privacy leaks in android applications , 2012, SAC '12.

[4] David A. Wagner,et al. AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.

[5] Veelasha Moonsamy,et al. Mining permission patterns for contrasting clean and malicious android applications , 2014, Future Gener. Comput. Syst..

[6] Hao Chen,et al. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[7] Heng Yin,et al. Attacks on WebView in the Android system , 2011, ACSAC '11.

[8] K. Yi,et al. Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[9] Shashi Shekhar,et al. AdSplit: Separating Smartphone Advertising from Applications , 2012, USENIX Security Symposium.

[10] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.