skip to main content
10.1145/2766498.2766523acmconferencesArticle/Chapter ViewAbstractPublication PageswisecConference Proceedingsconference-collections
short-paper

A measurement study of tracking in paid mobile applications

Published: 22 June 2015 Publication History

Abstract

Smartphone usage is tightly coupled with the use of apps that can be either free or paid. Numerous studies have investigated the tracking libraries associated with free apps. Only a limited number of these have focused on paid apps. As expected, these investigations indicate that tracking is happening to a lesser extent in paid apps, yet there is no conclusive evidence. This paper provides the first large-scale study of paid apps. We analyse top paid apps obtained from four different countries: Australia, Brazil, Germany, and US, and quantify the level of tracking taking place in paid apps in comparison to free apps. Our analysis shows that 60% of the paid apps are connected to trackers that collect personal information compared to 85%--95% in free apps. We further show that approximately 20% of the paid apps are connected to more than three trackers. With tracking being pervasive in both free and paid apps, we then quantify the aggregated privacy leakages associated with individual users. Using the data of user installed apps of over 300 smartphone users, we show that 50% of the users are exposed to more than 25 trackers which can result in significant leakages of privacy.

References

[1]
Tracker list. http://www.privmetrics.org/publications.
[2]
squid-cache.org - Optimising Web Delivery. http://www.squid-cache.org, 2015.
[3]
J. P. Achara, M. Cunche, V. Roca, and A. Francillon. WifiLeaks: Underestimated Privacy Implications of the ACCESS_WIFI_STATE Android Permission. In Proc. of the 7th ACM WiSec, 2014.
[4]
P. Ahlbrecht. Raccoon - Google Play desktop client. http://www.onyxbits.de/raccoon, 2015.
[5]
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In Proc. of the 35th ACM SIGPLAN. ACM, 2014.
[6]
D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to Android. In Proc. of the 17th ACM CCS. ACM, 2010.
[7]
C. Bonnington. More iOS apps are free than ever before. http://www.wired.com/2013/07/more-free-ios-apps/, 2013.
[8]
P. H. Chia, Y. Yamamoto, and N. Asokan. Is this app safe?: A large scale study on application permissions and risk signals. In Proc. of the 21st WWW. ACM, 2012.
[9]
D. E. Dilger. Apple adds new "Limit Ad Tracking" feature to iOS 6. http://appleinsider.com/articles, 2012.
[10]
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5, 2014.
[11]
A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proc. of the 18th ACM CCS. ACM, 2011.
[12]
M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi. Unsafe exposure analysis of mobile in-app advertisements. In Proc. of the 5th ACM WiSec. ACM, 2012.
[13]
A. Gulyani. Extensive list of mobile ad network companies. http://gulyani.com/complete-list-of-mobile-ad-networks-companies/, 2014.
[14]
I. Leontiadis, C. Efstratiou, M. Picone, and C. Mascolo. Don't kill my ads!: Balancing privacy in an ad-supported mobile application market. In Proc. of the 12th Workshop on Mobile Computing Systems & Applications. ACM, 2012.
[15]
Amazon Inc. Amazon EC2. http://aws.amazon.com/ec2/, 2015.
[16]
Amazon Inc. Amazon Mechanical Turk. https://www.mturk.com/, 2015.
[17]
Appbrain Inc. Distribution of free vs. paid Android apps. http://www.appbrain.com/stats/, 2014.
[18]
Appbrain Inc. Android library statistics. http://www.appbrain.com/stats/libraries, 2015.
[19]
Google Inc. Advertising ID. https://developer.android.com, 2014.
[20]
Google Inc. Google Play developer program policies. https://play.google.com/about/developer-content-policy.html, 2014.
[21]
Joe Security LCC. Joe Sandbox Mobile. http://www.joesecurity.org/joe-sandbox-mobile, 2015.
[22]
S. Oliver. MAC address randomization joins Apple's heap of iOS 8 privacy improvements. http://appleinsider.com/articles, 2014.
[23]
C. Reynolds. A list of mobile advertising networks. http://www.mobyaffiliates.com/blog/a-list-of-mobile-advertising-networks/, 2013.
[24]
S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti. Predicting user traits from a snapshot of apps installed on a smartphone. ACM SIGMOBILE Mobile Computing and Communications Review, 18(2):1--8, 2014.
[25]
S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti. Your installed apps reveal your gender and more! ACM SIGMOBILE Mobile Computing and Communications Review, 18(3):55--61, 2015.
[26]
S. Shekhar, M. Dietz, and D. S. Wallach. Adsplit: separating smartphone advertising from applications. In Proc. of the 21st USENIX, 2012.
[27]
N. Vallina-Rodriguez, J. Shah, A. Finamore, Y. Grunenberger, K. Papagiannaki, H. Haddadi, and J. Crowcroft. Breaking for commercials: Characterizing mobile advertising. In Proc. of the 2012 IMC. ACM, 2012.
[28]
N. Viennot, E. Garcia, and J. Nieh. A measurement study of Google Play. In Proc. of the SIGMETRICS. ACM, 2014.
[29]
X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. Profiledroid: Multi-layer profiling of android applications. In Proc. of the 18th Mobicom. ACM, 2012.
[30]
L. Weichselbaum, M. Neugschwandtner, M. Lindorfer, Y. Fratantonio, V. van der Veen, and C. Platzer. Andrubis: Android malware under the magnifying glass. Vienna University of Technology, Tech. Rep. TRISECLAB-0414-001, 2014.
[31]
L. Zhang, D. Gupta, and P. Mohapatra. How expensive are free smartphone apps? ACM SIGMOBILE Mobile Computing and Communications Review, 16(3):21--32, 2012.

Cited By

View all
  • (2024)Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform AnalysesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644896(348-360)Online publication date: 15-Apr-2024
  • (2023)Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online GamesProceedings of the ACM on Human-Computer Interaction10.1145/36110647:CHI PLAY(1136-1178)Online publication date: 4-Oct-2023
  • (2023)Navigating the Data AvalancheProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962677:2(1-24)Online publication date: 12-Jun-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
WiSec '15: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks
June 2015
256 pages
ISBN:9781450336239
DOI:10.1145/2766498
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2015

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Short-paper

Conference

WiSec'15
Sponsor:
  • SIGSAC
  • US Army Research Office
  • NSF

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)21
  • Downloads (Last 6 weeks)1
Reflects downloads up to 01 Mar 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform AnalysesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644896(348-360)Online publication date: 15-Apr-2024
  • (2023)Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online GamesProceedings of the ACM on Human-Computer Interaction10.1145/36110647:CHI PLAY(1136-1178)Online publication date: 4-Oct-2023
  • (2023)Navigating the Data AvalancheProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962677:2(1-24)Online publication date: 12-Jun-2023
  • (2023)Comparative Privacy Analysis of Mobile BrowsersProceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy10.1145/3577923.3583638(3-14)Online publication date: 24-Apr-2023
  • (2023)Understanding Privacy Concerns in Mobile Health Applications: A Scenario-based Online Survey2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom60117.2023.00239(1757-1765)Online publication date: 1-Nov-2023
  • (2023)Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00137(1583-1595)Online publication date: May-2023
  • (2023)Privacy-preserving targeted mobile advertising: A Blockchain-based framework for mobile adsJournal of Network and Computer Applications10.1016/j.jnca.2022.103559211(103559)Online publication date: Feb-2023
  • (2022)The Price to Play: A Privacy Analysis of Free and Paid Games in the Android EcosystemProceedings of the ACM Web Conference 202210.1145/3485447.3512279(3440-3449)Online publication date: 25-Apr-2022
  • (2021)“Money makes the world go around”: Identifying Barriers to Better Privacy in Children’s Apps From Developers’ PerspectivesProceedings of the 2021 CHI Conference on Human Factors in Computing Systems10.1145/3411764.3445599(1-15)Online publication date: 6-May-2021
  • (2020)Differentially-private control-flow node coverage for software usage analysisProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489270(1021-1038)Online publication date: 12-Aug-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media