Improving Security and Privacy of Android Ad Libraries

Improving Security and Privacy of Android Ad Libraries

时间：2012年3月29日 地点：九龙湖校区计算机楼313室

报告简介：

Recent years have witnessed incredible growth in the popularity and prevalence of smart phones and their application markets. Mobile applications may have a direct purchasing cost or be free but ad-supported. Unlike in-browser ads, the security and privacy implications of ads in Android applications have not been thoroughly explored. We compare the similarities and differences of in-browser ads and in-app ads. We examine the effect on user privacy of popular Android ad providers by reviewing their use of permissions. Worryingly, several ad libraries take advantage of permissions beyond the required and optional ones listed in their documentation, including dangerous permissions like camera, write calendar, and write contacts. Further, we discover the insecure use of Android's JavaScript extension mechanism in several ad libraries. We show that users can be tracked by a network sniffer across ad providers and by an ad provider across applications. Finally, we discuss several possible solutions to the privacy issues identified above.

报告人简介：

无

计算机网络和信息集成教育部重点实验室（东南大学）