A Case of Collusion: A Study of the Interface Between Ad Libraries and their Apps
This addresses privacy risks for Android users by exposing collusion mechanisms, though it is incremental as it builds on prior work on ad library vulnerabilities.
The study investigated how Android ad libraries and their host apps collude to leak user privacy data, analyzing 114,000 apps and finding that app popularity correlates with increased privacy leakage, likely due to higher advertising revenue incentives.
A growing concern with advertisement libraries on Android is their ability to exfiltrate personal information from their host applications. While previous work has looked at the libraries' abilities to measure private information on their own, advertising libraries also include APIs through which a host application can deliberately leak private information about the user. This study considers a corpus of 114,000 apps. We reconstruct the APIs for 103 ad libraries used in the corpus, and study how the privacy leaking APIs from the top 20 ad libraries are used by the applications. Notably, we have found that app popularity correlates with privacy leakage; the marginal increase in advertising revenue, multiplied over a larger user base, seems to incentivize these app vendors to violate their users' privacy.