Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spying on Android Users Through Targeted Ads

Published byKristopher Bradford Modified over 6 years ago

Similar presentations

Presentation on theme: "Spying on Android Users Through Targeted Ads"— Presentation transcript:

1 Spying on Android Users Through Targeted Ads
Eeva Terkki, Ashwin Rao, and Sasu Tarkoma Department of Computer Science University of Helsinki

2 Acknowledgements David Choffnes, Mohammad Hoque, Tiia Koskinen, Thorben Krüger, Arnaud Legout, Mika Viinamäki, and Otto Waltari Nokia Center for Advanced Research (NCAR) Academy of Finland grant Poju 2 / 19

3 ... ... Background Phones have a wealth of our private information
We use a large number of free* apps ... -Our daily schedules and what we plan to do next - Our bank cards and receipts - Our pictures - And many more -Games such as Angry Birds, -Apps to use the sensors, barcode scanners, torchlight, etc. -Multimedia, music and video, -Chatting and conversations such as Skype, ... *may contain ads 3 / 19

4 Mobile Ads Ecosystem Ad Network Ads targetted to mobile users Provide
ad libraries ad libraries Embed in apps Show ads to users Interact with ads 4 / 19

5 Targeted Ads Mobile devices are an ideal medium
Ads that match our likes and needs Phone Ad Network Mobile devices are an ideal medium for showing targeted ads GET Advertisement time time 5 / 19

6 Targeting Parameters 6 / 19

7 Permissions from Apps Ad networks collect a wealth
of private information 7 / 19

8 Device Identifier for Requesting Ads
IMEI, Android ID, Phone number, etc were used As of August 2014, Android mandates ad libraries only use the Android advertising ID Users can reset Android advertising ID The advertising ID is a vital key to a user’s information in the ad networks 8 / 19

9 Android advertising ID Leaks
Millennial Media Ad Library Millennial Media Ad Network GET Some ad networks exchange the advertising ID over HTTP text/html GET &aaid=<advertising id>&... time time 9 / 19

10 Motivation Can an attacker exploit the leaked identifier
Mobile devices are an ideal medium for targetted ads Ad networks collect a wealth of private information The advertising ID is a vital key to a user's information available at the ad networks Some ad networks exchange this ID over HTTP Can an attacker exploit the leaked identifier to request and receive ads targeted at a victim? What are the hurdles faced by an attacker when conducting such an attack? 10 / 19

11 Emulated Victims of Spying
Samsung S5 (Android 5.0) Nexus 6 (Android 6.0.1) 11 / 19

12 Apps Installed Pregnancy Dating 12 / 19

13 Custom App for Requesting Ads
13 / 19

14 Preliminary Observation
Metric: Ad Fill Rate fraction of ad requests made by the ad library to which the ad network responds with an ad Flurry 14.3% InMobi 13.01% Millennial Me dia – same ad AdMob 100% Ads in Finnish, different ads in different profiles Artefact of geographical location? 14 / 19

15 Assumptions Attacker has access to the Android advertising ID
Attacker uses emulated Android devices Two virtual devices on Genymotion Can receive real ads Generic: Random advertising ID Attack: Victim's advertising ID 15 / 19

16 Attack Scenarios Internet Meddle Server Ad Server Victim's device
VPN Ad Server Victim's device VPN Laptop emulating virtual Android devices Scenario 1) Same App Different Network Scenario 1) Same App Different Network Scenario 2) Same App Same Network Scenario 2) Same App Same Network Scenario 3) Different App Different Network 16 / 19

17 Experiment Results Pregnancy Dating 17 / 19

18 Discussion Targeting of Mothers Geographical Location
Choice of Emulator Importance of Context Adding noise to profiles Preventing leaks and spying Awareness of privacy issues 18 / 19

19 Thank You! ashwin.rao@helsinki.fi
19 / 19

Download ppt "Spying on Android Users Through Targeted Ads"

Similar presentations

Roman Schlegel City University of Hong Kong Kehuan Zhang Xiaoyong Zhou Mehool Intwala Apu Kapadia XiaoFeng Wang Indiana University Bloomington NDSS SYMPOSIUM.

Roman Schlegel City University of Hong Kong Kehuan Zhang Xiaoyong Zhou Mehool Intwala Apu Kapadia XiaoFeng Wang Indiana University Bloomington NDSS SYMPOSIUM.
Mobile Applications: Changes in social networking and mobile phones By Elias Chesy.

Mobile Applications: Changes in social networking and mobile phones By Elias Chesy.
Facebook for RSVP’ers You can do it!. What Questions Do You Have? What are you wanting to learn at this training?

Facebook for RSVP’ers You can do it!. What Questions Do You Have? What are you wanting to learn at this training?
DeVry University Donelle Vance. GRAB - The Cross Platform iPhone, iPad & Android Phone Sharing Application August 2011.

DeVry University Donelle Vance. GRAB - The Cross Platform iPhone, iPad & Android Phone Sharing Application August 2011.
App Inventor Barb Ericson Georgia Tech

App Inventor Barb Ericson Georgia Tech
Skype Created By Niklas Zennstrom in 2003 Today more than 370 Million people are registered globally. Skype is currently the largest international voice.

Skype Created By Niklas Zennstrom in 2003 Today more than 370 Million people are registered globally. Skype is currently the largest international voice.
Your apps are watching you Presented by Apeksha Barhanpur CS 541.

Your apps are watching you Presented by Apeksha Barhanpur CS 541.
Mobile App Monetization: Understanding the Advertising Ecosystem Vaibhav Rastogi.

Mobile App Monetization: Understanding the Advertising Ecosystem Vaibhav Rastogi.
Ubiquitous Advertising: the Killer Application for the 21st Century Author: John Krumm Presenter: Anh P. Nguyen

Ubiquitous Advertising: the Killer Application for the 21st Century Author: John Krumm Presenter: Anh P. Nguyen
2015. 6. 26 박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST). 2012.

박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST)
Your Apps Are Watching You CS 595 - Elliott Peay.

Your Apps Are Watching You CS Elliott Peay.
Using SWHS: The AUP [Acceptable Use Policy]

Using SWHS: The AUP [Acceptable Use Policy]
救災資訊輔助系統 (Disaster Information Aid System) 學生 : 白繕維、林俊佑、陳以龍 Reference Acknowledgement [1] ]

救災資訊輔助系統 (Disaster Information Aid System) 學生 : 白繕維、林俊佑、陳以龍 Reference Acknowledgement [1] ]
Internet Safety Night Raising Good Digital Citizens.

Internet Safety Night Raising Good Digital Citizens.
Smart and Social The Industry’s Crown Jewel. 2 Introduction Senior Research Analyst at Robert W. Baird & Co. Baird is one of the largest private investment.

Smart and Social The Industry’s Crown Jewel. 2 Introduction Senior Research Analyst at Robert W. Baird & Co. Baird is one of the largest private investment.
FCM Workflow using GCM.

FCM Workflow using GCM.
Online Services. An online service is a service delivered from the internet.

Online Services. An online service is a service delivered from the internet.
Today we are teaching the Millennial Generation!!!!

Today we are teaching the Millennial Generation!!!!
Cevgroup.org C utting E dge V isionaries. cevgroup.org TODAY’s TALK 1) Internet Of Things (IoT) 2) Wi-Fi Controlled Robots 3) Augmented Reality.

Cevgroup.org C utting E dge V isionaries. cevgroup.org TODAY’s TALK 1) Internet Of Things (IoT) 2) Wi-Fi Controlled Robots 3) Augmented Reality.
David Choffnes, Northeastern University Jingjing Ren, Northeastern University Ashwin Rao, University of Helsinki Martina Lindorfer, Vienna Univ. of Technology.

David Choffnes, Northeastern University Jingjing Ren, Northeastern University Ashwin Rao, University of Helsinki Martina Lindorfer, Vienna Univ. of Technology.

Similar presentations

Ads by Google