Privacy Leakage in Personalized Mobile In-App Ads The Price of Free Privacy Leakage in Personalized Mobile In-App Ads Authors – Wei Meng, Ren Ding, Simon P. Chung, Steven Han, and Wenke Lee Presented By – Jordan Wong

Motivation Mobile ads are essential to the mobile app ecosystem Using personalized ads have a higher success rate But what are the hidden costs of mobile ads? Our mobile devices are very intimate devices Privacy leakage is a serious issue https://e27.co/wp-content/uploads/2015/07/MOBILE-ADVERTISING.jpg

Background Mobile ecosystem Types of targeting App developer Advertiser Ad network Types of targeting Topic targeting – ad and app contain the same topics Interest targeting – user interested in the ad content Demographic targeting – ad content appeals to a demographic Mobile vs web advertising Lack of isolation in mobile advertising https://media.licdn.com/mpr/mpr/shrinknp_800_800/AAEAAQAAAAAAAAMPAAAAJGQ0M2UyYTdiLTBlMTMtNGFjNi1iNWNkLWNmMWYyODQ3ZWExZg.jpg

Purpose of this paper Analyzing ad networks How much user information do ad networks know How much of this is used in ad personalization Accuracy of the personalization algorithm Are mobile ads a new channel of privacy leakage? What can be learnt from analyzing the ads someone receives

Challenges How to simulate real users in the experiment? Recruit real people to conduct the experiment Geo-location is a very dominant factor in ad personalization Use a Virtual Private Network (VPN) to mask location All requests originate from same IP address

Methodology Using Android App market ( > 75% market share) Using Google’s AdMob ( 35% market share) More than 200 Android users were recruited Provide information about themselves Install and run the research app https://www.technobuffalo.com/wp-content/uploads/2011/12/android_market-470x310@2x.png

App Design Makes 100 ad requests without any ad control Collects the ads received without clicking on them Landing URL’s were used Collected ads categorized

Results – Interest targeting Mobile ads are highly personalized based on user’s interest More than 40% of users had 60% of the ads received match their real interest

Results – Demographic targeting Biggest factor is gender 2nd is parental status 3rd is income Personalization algorithm considers this, not the advertisers Age, ethnicity and education have lowest impact

Privacy Leakage Why is this a problem? Exploiting your personal information Used machine learning classification algorithms Build user profile from ads they received Used dummy algorithm as base line Randomly guesses user profiles https://inform.tmforum.org/wp-content/uploads/2015/12/privacy_shutterstock_143084485.jpg

Reconstruction Results Classification algorithms performed better than dummy algorithm in ALL categories Easier to derive user profiles using the information about their ads

Countermeasures Isolate app and ad process Reduce effectiveness of ad networks personalization algorithm Unlikely all ad networks will do this Use HTTPS Does not solve problem http://privacypolicies.com/blog/wp-content/uploads/2015/12/privacy-lock.png

Criticism - Negatives No validation done on participants Ethics Their user profiles Demographic information they provided Ethics Advertisers paying for this experiment

Criticism - Positives Addresses weaknesses in previous research Aware of some of their weaknesses Consider geo-location in the future Use more ad networks

Thank you Q & A