Introducing Privacy Threats from Ad Libraries to Android Users Through Privacy Granules

Android mobile users are provided with a per- missions list before installing an app that displays the list of resources available to that app. Users can review the permissions list and decide to install the app if they trust the app with their information. However, this information is accessible not only to the app provider but may also be available to third party ad libraries included in the app, which users are unaware of. In this paper, we propose a novel icon-based privacy threat representation as an alternative to permissions list that shows privacy threats to users from both app providers and associated ad libraries. Our approach considers users' privacy in terms of three granules: location, identity and query. Our proposed interface aims to educate users about which particular app providers and third parties have access to their privacy granules. We obtained user feedback on our technique in two user surveys (n = 137; 294), one each for testing the icons and the icon-based privacy threat display. We present our findings for ease of use and effectiveness of the novel privacy threat interface and further evaluate its impact on users' installation decision. user location, contacts list etc.) from the user's device and send it to their servers along with the device id. Authors in (24) analyzed 13 most popular Android ad libraries and concluded that: (a) Different ad libraries have different practices in place when accessing data from users' devices i.e., some ad libraries might access data that is not disclosed in their documentation while some may not. (b) Third party ad libraries can keep track of users' activity over multiple apps (in which that particular ad library is included) with users' device ids acting as unique identifiers for such data. Although, ad libraries are capable of accessing critical information from the user's device, those details are not revealed to the user during install time through the app's permissions list, since permissions lists only display information accessible to the app provider. Therefore, it would be helpful to provide an interface to end users that communicates the information accessible to both app providers and third party ad libraries, so they can make an informed decision during app installation.

[1]  Lorrie Faith Cranor,et al.  A "nutrition label" for privacy , 2009, SOUPS.

[2]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[3]  Dan S. Wallach,et al.  Longitudinal Analysis of Android Ad Library Permissions , 2013, ArXiv.

[4]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[5]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[6]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[7]  Lorrie Faith Cranor,et al.  Privacy as part of the app decision-making process , 2013, CHI.

[8]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[9]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[10]  J. Foster,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[11]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[12]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[13]  Hao Chen,et al.  Investigating User Privacy in Android Ad Libraries , 2012 .

[14]  Yajin Zhou,et al.  Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.

[15]  Lorrie Faith Cranor,et al.  A user study of the expandable grid applied to P3P privacy policy visualization , 2008, WPES '08.

[16]  Avik Chaudhuri,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[17]  Suman Nath,et al.  Brahmastra: Driving Apps to Test the Security of Third-Party Components , 2014, USENIX Security Symposium.

[18]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[19]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[20]  Peter Steenkiste,et al.  Access Control to Information in Pervasive Computing Environments , 2003, HotOS.

[21]  Eija Kaasinen,et al.  User needs for location-aware mobile services , 2003, Personal and Ubiquitous Computing.