DOCSLIB.ORG

Privacy Implications of Android Applications in the Presence of Third-Party Libraries

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Privacy Implications of Android Applications in the Presence of Third-Party Libraries Privacy Implications of Android Applications in the Presence of Third-Party Libraries Roger Bernat Ribas Manero Thesis submitted for the degree of Master of Science in Electrical Engineering, option Electronics and Integrated Circuits Thesis supervisor: Prof.dr.ir. Bart Preneel Prof.dr.ir. Marian Verhelst Assessor: Prof.dr.ir. Claudia Diaz Mentor: Michael Herrmann Academic year 2013 – 2014 c Copyright KU Leuven Without written permission of the thesis supervisor and the author it is forbidden to reproduce or adapt in any form or by any means any part of this publication. Requests for obtaining the right to reproduce or utilize parts of this publication should be addressed to Departement Elektrotechniek, Kasteelpark Arenberg 10 postbus 2440, B-3001 Heverlee, +32-16-321130 or by email [email protected]. A written permission of the thesis supervisor is also required to use the methods, products, schematics and programs described in this work for industrial or commercial use, and for submitting this publication in scientific contests. Preface "Hoy es siempre todavía" - Antonio Machado "Fent i desfent, aprèn l’aprenent." - Ferran Boixadós Escalé After an academic year of hard work, my master thesis is finally finished. With it, I conclude my Master Degree and, therefore, a stage of my live. This time has been an amazing trip of auto-discovery. There were moments were I had to face several difficulties that completely overtook me but I always came up with a solution. I will always remember that sweet moment in which your written code works as expected. I would like to thank the KU Leuven for offering me the opportunity of doing my Master Thesis with them. Specially, I would like to thank Prof. Claudia Diaz who accepted my application from the very beginning. Also, my advisor Michael Hermann from whom I have learned a lot and without whom I could never have reached this point. Furhter, my advisor in Spain Prof. Jordi Forné for helping and guiding me from the distance. I would like to thank my colleges from the COSIC department Marc Juárez and Günes Acar for their help and interest. Furthermore, I would like to thank all the people from the COSIC. I would like to thank my family and my girlfriend Veronica for all their support during this year, backing me up every time I could not find a way to continue. Finally, I would like to thank all the incredible people I have met during this year. Specially, my room-mates Xavi Garcia, Laura Forriol and Josu Saetero and my good friend Esra Tiger. Thank you all! Moltes gràcies a tots! Dank u allen! Roger Bernat Ribas Manero i Contents Preface i Abstract iv List of Figures and Tables v List of Abbreviations and Symbols viii 1 Introduction 1 1.1 Motivation ................................ 1 1.2 Objectives, Scope and Main Conclusions ................ 3 2 Related Work 5 2.1 Privacy Implications of Android Applications ............. 5 2.2 Location Privacy ............................. 6 3 Background 9 3.1 Internals of the Android Operating System .............. 9 3.2 Android Mobile Applications Fundamentals .............. 11 4 3Ov: Identifying Over-privileges in Android Applications 17 4.1 The Google Play Market ......................... 17 4.2 Crawling the Google Play Market .................... 19 4.3 Downloading the Applications ...................... 20 4.4 Parsing the AOSP’s Permissions .................... 21 4.5 Reverse-engineering the Applications .................. 22 4.6 Parsing and Analyzing the Applications ................ 23 4.7 Generating Android Manifest Type Files ................ 28 4.8 Limitations of 3Ov ............................ 29 4.9ProofofWork............................... 30 4.10 Discussion ................................. 37 5 LPDroid: Application Transparent Protection of Location Data 39 5.1 Protecting Users’ Location at the User Level ............. 39 5.2 Protecting Users’ Location at the Framework Level .......... 46 5.3LowerLevelsoftheAOSP........................ 56 6 Future Work 57 6.1Improving3Ov.............................. 57 6.2 Improving LPDroid ............................ 58 ii Contents 7 Conclusion 59 A Source Code of 3Ov 63 A.1 Crawling the applications ........................ 63 A.2 Downloading the applications ...................... 67 A.3 Parsing AOSP’s permissions ....................... 69 A.4 Reverse-engineering the applications .................. 71 A.5 Find third-party libraries ........................ 72 A.6 Parsing and analyzing the applications ................. 76 A.7 Generating the Android Manifest files ................. 80 A.8 Discussion ................................. 83 B Source Code of LPDroid 99 B.1Userlevelsourcecode.......................... 99 B.2 Framework level source code ....................... 104 Bibliography 111 iii Abstract Mobile devices, such as smart phones and tablet computer, become increasingly popular. One reason that makes these devices so popular, is the availability of mobile applications that allow to add a wide range of functionality to the operating system of a mobile device. Recently, concerns have been raised with respect to the private information that these mobile applications are able to access. Usually, privileges can be granted to a mobile application in order to limit the data they have access to. However, since mobile applications generally do not run if not all privileges are granted, users tend to grant all necessary privileges. From a privacy perspective, this is particularly an issue, because a mobile application usually consists of several parts: One part written by its developers and several external libraries written by third parties. In this work, we present 3Ov, a tool that analyses the source code of mobile applications in order to identify the privileges necessary for the mobile application itself and the privileges that are necessary for the third party libraries. The ultimate goal of 3Ov is to find permissions that needs to be granted to a mobile application solely because the third party library requires it. We provide the evaluation of 89 applications of a proof of concept. Our results show that external libraries increase the privileges that need to be granted to the application. Since this means that users allow potentially many parties to access their private data, we discuss protecting possibilities on the example of location data. We propose LPDroid, a tool that enables to embed location privacy protecting mechanisms in the operating system itself. In particular, LPDroid allows the user to choose the level of protection and the operating system obfuscates the user’s location data automatically to all mobile applications accessing location data. iv List of Figures and Tables List of Figures 3.1 Complete Android Software Stack diagram as proposed by Yaghmour Karim. ..................................... 10 3.2 Activity’s life-cycle from Android developers website. ........... 13 3.3 Permission section of the Android Manifest file from an application that requires access to the Internet. ....................... 15 3.4 Building process of an Android application as shown in the Android developerswebsite............................... 16 4.1 Flow chart of 3Ov. .............................. 18 4.2 This function automatically initiates the download process. ....... 21 4.3 Once the application’s website is loaded, we call the autoDownloadApk() function. .................................... 21 4.4 General structure of a smali file. ...................... 24 4.5 Most popular third-party libraries found in the 1126 analyzed applications. Graph (a) shows the most popular Advertising, graph (b) the most popular Development tools libraries and graph (c) the most popular Social SDKs. ............................ 27 4.6 Presence rate of Development tools (a) and Advertising libraries (b). 28 4.7 Graph (a) shows the permissions required to use the top five Development tools libraries. Graph (b) shows the permissions required to use the top five Advertising libraries. ............... 32 4.8 Over-privileges found according to the first four heuristics. Graph (a) considers the lower bound while graph (b) the upper. ........... 34 4.9 Over-privileges found according to the fifth heuristic. ........... 35 4.10 Most popular over-privileges due to the usage of the different categories of third party libraries. Graph (a) shows the most popular over-privileges due to Development libraries. Graph (b) shows the most popular over-privileges due to Advertising libraries. ............ 35 4.11 Over-privileges found according to the fourth heuristic. ......... 36 4.12 Image (a) shows the number of applications that have declared one or more unnecessary permissions. Image (b) shows which are the most popular permissions unnecessarily granted to the applications. ..... 37 v List of Figures and Tables 5.1 Show MyLocation application running in a real device. Image (a) shows the information about the providers while image (b) shows the information embedded with the received coordinates. ........... 43 5.2 Listpermissions application running in a real device. ........ 44 5.3 Image (a) shows how the Action bar of the emulator notifies a message from TaintDroid. Image (b) shows the information of the message. 49 5.4 Image (a) shows the procedure followed every time new location coordinates are received. Image (b) shows how AppFence interrupts the work flow by calling the fakeLocation() method. ............. 50 5.5 Image (a) shows how the telnet session is established and how the (25.00, 25.00) coordinates are established with
Load more

Recommended publications
  • Privacy Concerns in Android Advertising Libraries
    RICE UNIVERSITY Privacy Concerns in Android Advertising Libraries by Theodore Book A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree Master of Science Approved, Thesis Committee: Dan S. Wallach, Chair Professor of Computer Science T. S. Eugene Ng Professor of Computer Science Lin Zhong Associate Professor of Electrical and Computer Engineering and Computer Science Houston, Texas November, 2013 ABSTRACT Privacy Concerns in Android Advertising Libraries by Theodore Book This work investigates privacy characteristics of Android advertising libraries. Taking a sample of 114,000 apps, we extract and classify their ad libraries. We then seek to understand how they make use of sensitive user data. First, we study the use of permission-protected Android API calls that provide access to user data. Here, we measure change over time by distinguishing unique versions of each library, dating them, and calculating their permission usage. We find that the use of most permis- sions has increased over the last several years, and that more libraries are able to use permissions that pose particular risks to user privacy and security. Next, we shift to the application side and consider information passed directly from the application to the ad library. We do this by reconstructing the APIs for our libraries, and examining how those APIs are used in our sample of Android applications. We find that many applications pass personal information directly to their ad libraries, without any need for the library to query the operating system directly. This behavior is most com- mon in more popular applications, suggesting that the promise of advertising dollars encourages application developers to violate users' privacy.
    [Show full text]
  • Dissecting Mobile Offerwall Advertisements: an Explorative Study
    2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS) Dissecting Mobile Offerwall Advertisements: An Explorative Study 1 1 1 1 2 1∗ 3 1 Guosheng Xu , Yangyu Hu , Qian Guo , Ren He ,LiLi , Guoai Xu , Zhihui Han , and Haoyu Wang 1 Beijing University of Posts and Telecommunications, Beijing, China 2Monash University, Australia 3 CNCERT, Beijing, China Abstract—Mobile advertising has become the most popular monetizing way in the Android app ecosystem. Offerwall, as a new form of mobile ads, has been widely adopted by apps, and a number of ad networks have provided such services. Although new to the ecosystem, offerwall ads have been criticized for being aggressive, and the contents disseminated are prone to security issues. However, to date, our community has not proposed any studies to dissect such issues related to offerwall ads. To this end, we present the first work to fill this gap. Specifically, we first develop a robust approach to identify apps that have embedded with offerwall ads. Then, we apply the tool to 10K apps and experimentally discover 312 offerwall apps. We go one step further to characterize them from several aspects, including security issues. Our observation reveals that offerwall ads could indeed be manipulated by hackers to fulfill malicious purposes. Index Terms—Offerwall, Mobile Advertising, Android, Pay-per Install, Malware I. INTRODUCTION Mobile apps have seen widespread adoption in recent years. The number of apps in Google Play has exceeded 2.7 million 濄濕濗濟濕濛濙濍澳濣濦濛澢濫濣濣濘濦濣濝濘澢濕濠濕濦濡濡濬 濃濚濚濙濦濫濕濠濠 澵濘澔濇濘濟濍澳澵濘濫濣 mark as of August 2019 [1]. A recent study [2] suggested that the app monetization scheme evolves during the evolution Fig.
    [Show full text]
  • Does This App Really Need My Location? Context-Aware Privacy Management for Smartphones 42
    Does this App Really Need My Location? Context-Aware Privacy Management for Smartphones 42 SAKSHAM CHITKARA, Carnegie Mellon University, USA NISHAD GOTHOSKAR, Carnegie Mellon University, USA SUHAS HARISH, Carnegie Mellon University, USA JASON I. HONG, Carnegie Mellon University, USA YUVRAJ AGARWAL, Carnegie Mellon University, USA The enormous popularity of smartphones, their rich sensing capabilities, and the data they have about their users have lead to millions of apps being developed and used. However, these capabilities have also led to numerous privacy concerns. Platform manufacturers, as well as researchers, have proposed numerous ways of mitigating these concerns, primarily by providing fine-grained visibility and privacy controls to the user on a per-app basis. In this paper, we show that this per-app permission approach is suboptimal for many apps, primarily because most data accesses occur due to a small set of popular third-party libraries which are common across multiple apps. To address this problem, we present the design and implementation of ProtectMyPrivacy (PmP) for Android, which can detect critical contextual information at runtime when privacy-sensitive data accesses occur. In particular, PmP infers the purpose of the data access, i.e. whether the data access is by a third-party library or by the app itself for its functionality. Based on crowdsourced data, we show that there are in fact a set of 30 libraries which are responsible for more than half of private data accesses. Controlling sensitive data accessed by these libraries can therefore be an effective mechanism for managing their privacy. We deployed our PmP app to 1,321 real users, showingthat the number of privacy decisions that users have to make are significantly reduced.
    [Show full text]
  • The Political Economy of the App
    Nieborg, D. (2016). From premium to freemium: The political economy of the app. In T. Leaver & M. Willson (Eds.), Social, Casual and Mobile Games: The Changing Gaming Landscape (pp. 225–240). London and New York: Bloomsbury Academic. Released under a Creative Commons BY-NC-ND license http://creativecommons.org/licenses/by-nc-nd/4.0/. Your rights under the License are in addition to any fair use or fair dealing rights which you have. 16 From premium to freemium: The political economy of the app David Nieborg or decades, the game industry has been dominated, if only in terms of F revenue and mindshare, by a tandem of globally operating game publish- ers and game console platform holders. Historically, these two small groups of industrial actors, primarily located in North America and Japan, have been ‘dominant forces’ in the game industry (Consalvo 2007, 123). Similarly, Johns (2006) notes that power relationships in the game hardware and software production networks are uneven and are affected by temporal and spatial dimensions. Driven by the cyclical introduction of new hardware platforms, the platform/publisher duo served a relatively stable, highly lucrative niche market (Williams 2002; Kerr 2006). Every fi ve to seven years, development and marketing budgets increase and, as a result, so do fi nancial risks and the distribution of capital and power (Schilling 2003). Geographically, the main centers for console game development have been North America, Western Europe and the Asia Pacifi c (Johns 2006). That is to say, the majority of the billions of dollars of value generated by the sale of video game hardware and software has been captured by a small number of globally operating fi rms who have a high rate of incumbency.
    [Show full text]
  • Documentation Can Be Found Here: We Do All That for You, Just Have to Check the Box in Our Settings Window
    MOBILE ADS WHY DO YOU NEED TO USE THIS PLUGIN ? ● Integrate easily all supported advertisers simply by importing their SDK, no other settings are required. It is not mandatory to integrate all/any of the supported advertisers to work. ● Load ad from any ad platform using the same line of code. ● Customizable mediation policy by using either order mediation or percent based mediation. You can select independent type of mediation for each type of ad (banner, interstitial, rewarded video). ● Read mediation config file from an external server of choice to allow the ad display order to be changed without uploading a new build to the store. ● Works for Android/iOS/Windows Store without any additional Unity setup. ● Built in Remove Ads functionality. ● GDPR, ATT, COPPA, CCPA Compliant. ● Compatible with Playmaker, Bolt and Game Flow 2 CURRENTLY SUPPORTED ADVERTISERS 3 GDPR COMPLIANCE Our plugin does not collect any personal information only selected advertisers collect personal information about users. Here is a list of how any advertiser deals with personal user data and what you have to do to be compliant with GDPR: Unity Ads Versions 2.0 and above will automatically present users with an opportunity to opt-out of targeted advertising, with no implementation needed from the publisher. On a per-app basis, the first time a Unity ad appears, the user will see a banner with the option to opt-out of behaviorally targeted advertising. Thereafter, the user can click an informa- tion button to receive the opt-out again. No specific action needed. Vungle Vungle will display a consent dialog before playing an ad for a European user, and will remember the user’s consent or rejection for subsequent ads.
    [Show full text]
  • FACT OR FICTION? WHAT WESTERN DEVS NEED to KNOW ABOUT LAUNCHING MOBILE GAMES in CHINA Read More
    FEATURE STORY: FACT OR FICTION? WHAT WESTERN DEVS NEED TO KNOW ABOUT LAUNCHING MOBILE GAMES IN CHINA read more 1 CHARTBOOST POWER-UP REPORT NOVEMBER 2016 Contents How China Transformed Into a 1 Mobile Gaming Dynasty read more Fact or Fiction? What Western Devs Need to 5 Know About Launching Mobile Games in China read more The History of Mobile 2 Gaming in China read more 2016 Mobile Game M&As: Closing 6 the Gap Between East and West read more Trend Watch: Major Shifts Shaping 3 China’s Mobile Game Industry read more Seeing Double: A Closer Look at Copycatting 7 in China’s Mobile Game Market read more Analyst ZHugeEX on the Challenge 4 of Publishing Mobile Games in China read more Sleepy Z Studios’s Ski Safari 2 2 CHARTBOOST POWER-UP REPORT NOVEMBER 2016 1 HOW CHINA TRANSFORMED INTO A MOBILE GAMING DYNASTY here’s a new sheriff in town, and its name is China. After decades of dominance, the world’s leader in global games revenue has T changed hands from the U.S. to China. According to data revealed by the Ministry of China, revenue in China’s games sector attained $22 billion in 2015 buoyed by the country’s 670 million internet users (al- most half the population of China)—370 million of which were playing online games (larger than the U.S. population). Notwithstanding Japan, no other country has risen as fast as China has, from a country that once banned game consoles for over a decade to the most profitable country for games in the world.
    [Show full text]
  • Mobile Games Advertising Report 2018 :: in Association with Mintegral
    IN ASSOCIATION WITH Mobile Games Report Mobile Games Advertising Report 2018 www.pocketgamer.biz ©2018 Steel Media Ltd This report and its contents are the copyright of Steel Media Ltd and www.mintegral.com may not be distributed, copied, or reproduced without permission. Contents The mobile games advertising report 2018 by PocketGamer.biz and Mintegral From breaking industry stories and in-depth interviews with key executives to updates on industry events and detailed analysis of mobile games metrics, PocketGamer.biz is the first port of call for mobile game developers, publishers, operators, handset manufacturers, investors, and service providers. www.pocketgamer.biz The growth of mobile advertising and games 3 Jon Jordan | Writer Joao Diniz-Sanches | Production High level trends – Zynga and Glu The rise of playable ads 19 Mobile 8 Jez Bridgeman | Creative Director Paul Edwards | Senior Designer The view from Mintegral 21 Craig Chapple | Senior Editor Why developers love rewarded video ads 10 Case Study: How Mintegral ©2018 Steel Media Ltd This report and its contents are the copyright of works with Playrix 22 Steel Media Ltd and may not be distributed, copied, or reproduced without permission. The view from PikPok 13 What’s next? 23 Funding new ways to play 14 Sources 25 All statistics in this report are for informational purposes only and are correct at time of going to press to the best of Why players love rewarded our knowledge. Steel Media can accept no responsibility for inaccuracies that occur but where mistakes are video ads 17 About Mintegral 26 discovered we will correct any oversight.
    [Show full text]
  • Analysis of Privacy and Security Risks of Android VPN Apps
    An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps Muhammad Ikram1;2, Narseo Vallina-Rodriguez3, Suranga Seneviratne1, Mohamed Ali Kaafar1, Vern Paxson3;4 1Data61, CSIRO 2UNSW 3ICSI 4UC Berkeley ABSTRACT to request the BIND_VPN_SERVICE permission (for sim- Millions of users worldwide resort to mobile VPN clients to plicity, the “VPN permission”) to create such clients. either circumvent censorship or to access geo-blocked con- Android’s official documentation highlights the serious tent, and more generally for privacy and security purposes. security concerns that the VPN permission raises: it allows In practice, however, users have little if any guarantees about an app to intercept and take full control over a user’s traf- the corresponding security and privacy settings, and perhaps fic [60]. Many apps may legitimately use the VPN permis- no practical knowledge about the entities accessing their mo- sion to offer (some form of) online anonymity or to enable bile traffic. access to censored content [84]. However, malicious app de- In this paper we provide a first comprehensive analysis velopers may abuse it to harvest users’ personal information. of 283 Android apps that use the Android VPN permission, In order to minimize possible misuse, Android alerts users which we extracted from a corpus of more than 1.4 million about the inherent risks of the VPN permission by display- apps on the Google Play store. We perform a number of ing system dialogues and notifications [60]. A large fraction passive and active measurements designed to investigate a of mobile users may however lack the necessary technical wide range of security and privacy features and to study the background to fully understand the potential implications.
    [Show full text]
  • FQ1 2021 Earnings Call Transcripts Tuesday, May 11, 2021 9:00 PM GMT S&P Global Market Intelligence Estimates
    Unity Software Inc. NYSE:U FQ1 2021 Earnings Call Transcripts Tuesday, May 11, 2021 9:00 PM GMT S&P Global Market Intelligence Estimates -FQ4 2020- -FQ1 2021- -FY 2020- -FY 2021- CONSENSUS CONSENSUS CONSENSUS CONSENSUS EPS Normalized (0.15) (0.12) (0.38) (0.37) Revenue (mm) 204.15 217.08 757.69 967.22 Currency: USD Consensus as of May-05-2021 12:08 PM GMT - EPS NORMALIZED - CONSENSUS ACTUAL SURPRISE FQ3 2020 (0.15) (0.09) NM FQ4 2020 (0.15) (0.10) NM COPYRIGHT © 2021 S&P Global Market Intelligence, a division of S&P Global Inc. All rights reserved 1 spglobal.com/marketintelligence Contents Table of Contents Call Participants .................................................................................. 3 Presentation .................................................................................. 4 Question and Answer .................................................................................. 7 COPYRIGHT © 2021 S&P Global Market Intelligence, a division of S&P Global Inc. All rights reserved 2 spglobal.com/marketintelligence UNITY SOFTWARE INC. FQ1 2021 EARNINGS CALL | MAY 11, 2021 Call Participants EXECUTIVES John S. Riccitiello CEO, President & Executive Chairman Luis Felipe Visoso Senior VP & CFO Richard Hugh Davis Vice President Investor Relations & Strategy ANALYSTS Brent Alan Bracelin Piper Sandler & Co., Research Division Franco Rafael Granda Penaherrera D.A. Davidson & Co., Research Division Thomas Michael Roderick Stifel, Nicolaus & Company, Incorporated, Research Division Unknown Analyst X. Lu Barclays Bank PLC, Research Division Copyright © 2021 S&P Global Market Intelligence, a division of S&P Global Inc. All Rights reserved. spglobal.com/marketintelligence 3 UNITY SOFTWARE INC. FQ1 2021 EARNINGS CALL | MAY 11, 2021 Presentation Richard Hugh Davis Vice President Investor Relations & Strategy [Audio Gap] with introductory remarks by John and Luis, and then we will have -- we've collected and sorted questions from our analysts.
    [Show full text]
  • The State of Mobile Monetization
    1 THE STATE OF MOBILE MONETIZATION September 2017 THE STATE OF MOBILE MONETIZATION – S e p t e m b e r 2017 2 Table of Contents Introduction Key Findings Methodology P3 P4 P5 In App10 AdvertisingOFFICES Results Appendix A P6-9 P10-29 P30-31 Usage Restrictions The information, materials, data, images, graphics, and other components of this report ("Report") are copyrighted and owned or controlled by Mobbo, (Big Data Technologies LTD.) unless otherwise noted. Unauthorized use of the Report may violate copyright, trademark and/or other intellectual property rights of Mobbo. The Report may not be modified, copied, distributed, republished, uploaded, posted, decompiled, or transmitted in any way, without the prior written consent of Mobbo. When citing Our Data or Reports, if so permitted by us, blog , reports or slide decks you receive through our Site or Services, you must clearly indicate the source as “Mobbo”. If you are publishing screenshots of Mobbo tables, charts, or other content, the Mobbo logo must be clearly visible in the screenshots. THE STATE OF MOBILE MONETIZATION – S e p t e m b e r 2017 3 Introduction To improve and ultimately perfect an app, developers need to select the right SDKs – Software Development Kits. However, in today’s marketplace app developers are literally inundated with SDK choices, making it difficult to choose the best ones. The Mobbo Power Index offers app publishers and marketers robust benchmarks of mobile app SDK components, helping them to make informed decisions about the best technology stacks. The report sheds light on the scale and performance of popular SDK components and tracks the movers and shakers in the mobile industry.
    [Show full text]
  • Marketing and Monetization for Mobile Indies: Data from the Trenches
    Marketing and Monetization for Mobile Indies: Data from the Trenches Keith Katz Co-Founder @Ztakk Investor Presentation: October 2013 How do I analyze the competition? What marketing and analytics services do I need? Where do I test/soft launch my game? How much cash do I need and where do I spend it? Can different networks impact my campaigns? What impact does featuring have? What ad revenues can I expect? How do I measure and iterate on early retention? How do I test my icon? Look for a “Goldilocks” pie slice Find successful games like yours in some way More important (and harder): find failures like yours Testing & Research User Acquisition Monetization & Analytics =SDK Required Mid-Core Dungeon Crawler Casual to Mid-Core Brawler Hard-Core Exploration RPG Hard-Core RPG All data comes from ad networks, Flurry, Apsalar: FREE <Special Thanks to Lysiane Charest> We Don’t Know Nothin’ (but we’re getting a bit better) “SuperData estimates that the cost per install was $2.73 for mobile games” -GamesBeat, November 2013 “In Q4 2013, iOS CPI rates…ranged between $.90 in China and $2.59 in Australia. The average CPI among all countries was $1.31” -Distimo, February 2014 “Android [CPI’s] dropped 29 percent to $1.27 in January from its December spike of $1.80…iOS increased 13 percent in to $1.01 in January from December’s $0.88” -Fiksu, March 2014 “For [Google Play] the average cost per install in the U.S. was $1.13, $0.95,in the United Kingdom, and $1.18 in Canada.” -Chartboost, March 2014 Daily CPI $0.00 $0.50 $1.00 $1.50 $2.00 $2.50 Chartboost
    [Show full text]
  • App Glossary Terms
    App Glossary Terms APP DICTIONARY A/B testing Testing two or more variations of app elements to see which one performs better. Examples could be buttons, background colors, icons, screenshots, fonts, and app content. Ad network Allows app developers to create customized interstitial and video ads, promote new apps, and swap traffic with other developers. Analytics The discovery and communication of meaningful patterns in data. Developers use analytics to track the actions of mobile app users within an app. Android Application Package file (APK) A file format used to deliver mobile apps to Android devices for testing or distribution. App builds Compiling a mobile app code into a finished mobile app product. A packaged/compiled version of your mobile app software. App developer A person that creates apps for mobile devices. App development The process of creating apps for mobile devices. App distribution The process of getting a mobile app to end users. Ready for sale on a mobile market like Google Play. App package The final output of the app development process. An app package is deployable to an app store. Copyright © 2015 Amazing.com 1 App Glossary Terms App Store Optimization (ASO) The process of optimizing mobile apps to rank higher in search results. The better your ASO, the more likely your app will reach millions of devices. ASO is inextricably linked to an app’s success. Learn more about ASO here. App store ranking The position an app is indexed in the app store based on downloads, sales, usage, and retention. App store rating A scale that describes your app as a quality and maturity indicator.
    [Show full text]