ABSTRACT
In this paper we investigate the risk of privacy leakage through mobile analytics services and demonstrate the ease with which an external adversary can extract an individual's profile and mobile application usage information through two major mobile analytics services, i.e. Google Mobile App Analytics and Flurry. We also demonstrate that it is possible to exploit the vulnerability of analytics services to influence the ads served to users' devices, by manipulating the profiles constructed by these services. Both attacks can be performed without the need for an attacker-controlled app on the user's mobile device. Finally, we discuss potential countermeasures (from the perspectives of different parties) that may be utilized to mitigate the risk of leakage of individuals' personal information.
Index Terms
- Information leakage through mobile analytics services