Protecting Private Attributes in App Based Mobile User Profiling

Analytics companies enable successful targeted advertising via user profiles derived from the mobile apps installed by specific users, and hence have become an integral part of the mobile advertising industry. This threatens users’ privacy when profiling is based on apps that represent sensitive information, e.g., gambling problems indicated by a game app. In this work, we propose an app-based profile obfuscation mechanism, ProfileGuard, with the objective of eliminating the dominance of private interest categories (i.e., the prevailing private interest categories present in a user profile). We demonstrate, based on a wide-range experimental evaluation of Android apps in a nine-month test campaign, that the proposed obfuscation mechanism, which selects obfuscating apps by similarity with the user’s existing apps while ensuring that the selected apps belong to non-private categories, can achieve a good trade-off between the effort required by the obfuscating system and the resulting privacy protection. We also show how the bespoke (customised to profile obfuscation) and bespoke++ (resource-aware) strategies can deliver significant improvements in the level of obfuscation and (particularly bespoke++) in the use of mobile resources, making the latter a good candidate strategy in resource-constrained scenarios, e.g., for fixed-data-use mobile plans. We also implement a proof-of-concept (POC) ProfileGuard app to demonstrate the feasibility of an automated obfuscation mechanism. Furthermore, we provide insights into Google AdMob profiling rules, such as showing how individual apps map to a user’s interests within their profile in a deterministic way, and that AdMob requires a certain level of activity to build a stable user profile.
