short-paper

A measurement study of tracking in paid mobile applications

Authors:

Suranga Seneviratne,

Harini Kolamunna,

Aruna SeneviratneAuthors Info & Claims

WiSec '15: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks

Article No.: 7, Pages 1 - 6

https://doi.org/10.1145/2766498.2766523

Published: 22 June 2015 Publication History

Abstract

Smartphone usage is tightly coupled with the use of apps that can be either free or paid. Numerous studies have investigated the tracking libraries associated with free apps. Only a limited number of these have focused on paid apps. As expected, these investigations indicate that tracking is happening to a lesser extent in paid apps, yet there is no conclusive evidence. This paper provides the first large-scale study of paid apps. We analyse top paid apps obtained from four different countries: Australia, Brazil, Germany, and US, and quantify the level of tracking taking place in paid apps in comparison to free apps. Our analysis shows that 60% of the paid apps are connected to trackers that collect personal information compared to 85%--95% in free apps. We further show that approximately 20% of the paid apps are connected to more than three trackers. With tracking being pervasive in both free and paid apps, we then quantify the aggregated privacy leakages associated with individual users. Using the data of user installed apps of over 300 smartphone users, we show that 50% of the users are exposed to more than 25 trackers which can result in significant leakages of privacy.

References

[1]

Tracker list. http://www.privmetrics.org/publications.

[2]

squid-cache.org - Optimising Web Delivery. http://www.squid-cache.org, 2015.

[3]

J. P. Achara, M. Cunche, V. Roca, and A. Francillon. WifiLeaks: Underestimated Privacy Implications of the ACCESS_WIFI_STATE Android Permission. In Proc. of the 7th ACM WiSec, 2014.

Digital Library

[4]

P. Ahlbrecht. Raccoon - Google Play desktop client. http://www.onyxbits.de/raccoon, 2015.

[5]

S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In Proc. of the 35th ACM SIGPLAN. ACM, 2014.

Digital Library

[6]

D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to Android. In Proc. of the 17th ACM CCS. ACM, 2010.

Digital Library

[7]

C. Bonnington. More iOS apps are free than ever before. http://www.wired.com/2013/07/more-free-ios-apps/, 2013.

[8]

P. H. Chia, Y. Yamamoto, and N. Asokan. Is this app safe?: A large scale study on application permissions and risk signals. In Proc. of the 21st WWW. ACM, 2012.

Digital Library

[9]

D. E. Dilger. Apple adds new "Limit Ad Tracking" feature to iOS 6. http://appleinsider.com/articles, 2012.

[10]

W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5, 2014.

Digital Library

[11]

A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proc. of the 18th ACM CCS. ACM, 2011.

Digital Library

[12]

M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi. Unsafe exposure analysis of mobile in-app advertisements. In Proc. of the 5th ACM WiSec. ACM, 2012.

Digital Library

[13]

A. Gulyani. Extensive list of mobile ad network companies. http://gulyani.com/complete-list-of-mobile-ad-networks-companies/, 2014.

[14]

I. Leontiadis, C. Efstratiou, M. Picone, and C. Mascolo. Don't kill my ads!: Balancing privacy in an ad-supported mobile application market. In Proc. of the 12th Workshop on Mobile Computing Systems & Applications. ACM, 2012.

Digital Library

[15]

Amazon Inc. Amazon EC2. http://aws.amazon.com/ec2/, 2015.

[16]

Amazon Inc. Amazon Mechanical Turk. https://www.mturk.com/, 2015.

[17]

Appbrain Inc. Distribution of free vs. paid Android apps. http://www.appbrain.com/stats/, 2014.

[18]

Appbrain Inc. Android library statistics. http://www.appbrain.com/stats/libraries, 2015.

[19]

Google Inc. Advertising ID. https://developer.android.com, 2014.

[20]

Google Inc. Google Play developer program policies. https://play.google.com/about/developer-content-policy.html, 2014.

[21]

Joe Security LCC. Joe Sandbox Mobile. http://www.joesecurity.org/joe-sandbox-mobile, 2015.

[22]

S. Oliver. MAC address randomization joins Apple's heap of iOS 8 privacy improvements. http://appleinsider.com/articles, 2014.

[23]

C. Reynolds. A list of mobile advertising networks. http://www.mobyaffiliates.com/blog/a-list-of-mobile-advertising-networks/, 2013.

[24]

S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti. Predicting user traits from a snapshot of apps installed on a smartphone. ACM SIGMOBILE Mobile Computing and Communications Review, 18(2):1--8, 2014.

Digital Library

[25]

S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti. Your installed apps reveal your gender and more! ACM SIGMOBILE Mobile Computing and Communications Review, 18(3):55--61, 2015.

Digital Library

[26]

S. Shekhar, M. Dietz, and D. S. Wallach. Adsplit: separating smartphone advertising from applications. In Proc. of the 21st USENIX, 2012.

Digital Library

[27]

N. Vallina-Rodriguez, J. Shah, A. Finamore, Y. Grunenberger, K. Papagiannaki, H. Haddadi, and J. Crowcroft. Breaking for commercials: Characterizing mobile advertising. In Proc. of the 2012 IMC. ACM, 2012.

Digital Library

[28]

N. Viennot, E. Garcia, and J. Nieh. A measurement study of Google Play. In Proc. of the SIGMETRICS. ACM, 2014.

Digital Library

[29]

X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. Profiledroid: Multi-layer profiling of android applications. In Proc. of the 18th Mobicom. ACM, 2012.

Digital Library

[30]

L. Weichselbaum, M. Neugschwandtner, M. Lindorfer, Y. Fratantonio, V. van der Veen, and C. Platzer. Andrubis: Android malware under the magnifying glass. Vienna University of Technology, Tech. Rep. TRISECLAB-0414-001, 2014.

[31]

L. Zhang, D. Gupta, and P. Mohapatra. How expensive are free smartphone apps? ACM SIGMOBILE Mobile Computing and Communications Review, 16(3):21--32, 2012.

Digital Library

Cited By

Steinböck MBleier JRainer MUrban TUtz CLindorfer MSpinellis DConstantinou EBacchelli A(2024)Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform AnalysesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644896(348-360)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644896
Bourdoucen ANurgalieva LLindqvist J(2023)Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online GamesProceedings of the ACM on Human-Computer Interaction10.1145/36110647:CHI PLAY(1136-1178)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3611064
Ekambaranathan AZhao JChalhoub G(2023)Navigating the Data AvalancheProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962677:2(1-24)Online publication date: 12-Jun-2023
https://dl.acm.org/doi/10.1145/3596267
Show More Cited By

Index Terms

A measurement study of tracking in paid mobile applications

Recommendations

Comprehension of ads-supported and paid Android applications: are they different?
ICPC '17: Proceedings of the 25th International Conference on Program Comprehension

The Android market is a place where developers offer paid and-or free apps to users. Free apps can follow the freemium or the ads-business model. While the former offers less features and the user is charged for unlocking additional features, the latter ...
A Measurement-based Study on Application Popularity in Android and iOS App Stores
Mobidata '15: Proceedings of the 2015 Workshop on Mobile Big Data

Mobile application stores (appstores) are emerging digital distribution platforms with explosive growth. Although there have been some observations on the mobile application (app) popularity in Android appstores, there is no report on the app popularity ...
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide Web

With the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '15: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks

June 2015

256 pages

ISBN:9781450336239

DOI:10.1145/2766498

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
US Army Research Office: US Army Research Office
NSF: National Science Foundation

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Short-paper

Conference

WiSec'15

Sponsor:

SIGSAC
US Army Research Office
NSF

WiSec'15: 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks

June 22 - 26, 2015

New York, New York

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

34
Total Citations
View Citations
544
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)1

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Steinböck MBleier JRainer MUrban TUtz CLindorfer MSpinellis DConstantinou EBacchelli A(2024)Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform AnalysesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644896(348-360)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3644896
Bourdoucen ANurgalieva LLindqvist J(2023)Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online GamesProceedings of the ACM on Human-Computer Interaction10.1145/36110647:CHI PLAY(1136-1178)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3611064
Ekambaranathan AZhao JChalhoub G(2023)Navigating the Data AvalancheProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962677:2(1-24)Online publication date: 12-Jun-2023
https://dl.acm.org/doi/10.1145/3596267
Zafar ADas AShehab MFernandez MLi N(2023)Comparative Privacy Analysis of Mobile BrowsersProceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy10.1145/3577923.3583638(3-14)Online publication date: 24-Apr-2023
https://dl.acm.org/doi/10.1145/3577923.3583638
Tamime RFarooq ASalminen JMarmion VHall W(2023)Understanding Privacy Concerns in Mobile Health Applications: A Scenario-based Online Survey2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom60117.2023.00239(1757-1765)Online publication date: 1-Nov-2023
https://doi.org/10.1109/TrustCom60117.2023.00239
Zhao KZhan XYu LZhou SZhou HLuo XWang HLiu Y(2023)Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00137(1583-1595)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00137
Ullah IKanhere SBoreli R(2023)Privacy-preserving targeted mobile advertising: A Blockchain-based framework for mobile adsJournal of Network and Computer Applications10.1016/j.jnca.2022.103559211(103559)Online publication date: Feb-2023
https://doi.org/10.1016/j.jnca.2022.103559
Laperdrix PMehanna NDurey ARudametkin W(2022)The Price to Play: A Privacy Analysis of Free and Paid Games in the Android EcosystemProceedings of the ACM Web Conference 202210.1145/3485447.3512279(3440-3449)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512279
Ekambaranathan AZhao JVan Kleek MKitamura YQuigley AIsbister KIgarashi TBjørn PDrucker S(2021)“Money makes the world go around”: Identifying Barriers to Better Privacy in Children’s Apps From Developers’ PerspectivesProceedings of the 2021 CHI Conference on Human Factors in Computing Systems10.1145/3411764.3445599(1-15)Online publication date: 6-May-2021
https://dl.acm.org/doi/10.1145/3411764.3445599
Zhang HLatif SBassily RRountev ACapkun SRoesner F(2020)Differentially-private control-flow node coverage for software usage analysisProceedings of the 29th USENIX Conference on Security Symposium10.5555/3489212.3489270(1021-1038)Online publication date: 12-Aug-2020
https://dl.acm.org/doi/10.5555/3489212.3489270
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten