DOCSLIB.ORG

Addroid: Privilege Separation for Applications and Advertisers in Android

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Addroid: Privilege Separation for Applications and Advertisers in Android AdDroid: Privilege Separation for Applications and Advertisers in Android Paul Pearce, Adrienne Porter Felt Gabriel Nunez David Wagner Computer Science Division Sandia National Laboratory∗ Computer Science Division University of California Berkeley [email protected] University of California Berkeley {pearce, apf}@cs.berkeley.edu [email protected] ABSTRACT Before developers can distribute an Android application, Advertising is a critical part of the Android ecosystem| they must identify and declare what permissions their ap- many applications use one or more advertising services as plications need. The installation process shows these per- a source of revenue. To use these services, developers missions to users if they choose to install the application. must bundle third-party, binary-only libraries into their However, the Android security model does not provide any applications. In this model, applications and their adver- special support for advertisements. This means that there tising libraries share permissions. Advertising-supported is no way for the user or the operating system to differen- applications must request multiple privacy-sensitive per- tiate between the permissions necessary for the host appli- missions on behalf of their advertising libraries, and ad- cation and those needed by advertising libraries. A simple vertising libraries receive access to all of their host appli- advertisement-supported application (e.g., a game or cus- cations' other permissions. We conducted a study of the tom ringtone application) must request multiple privacy- Android Market and found that 49% of Android applica- sensitive permissions unrelated to its functionality just so tions contain at least one advertising library, and these it can display advertisements. Advertising libraries often require permissions for network connectivity, location in- libraries overprivilege 46% of advertising-supported appli- 1 cations. Further, we find that 56% of the applications with formation, and phone state. Since developers include the advertisements that request location (34% of all applica- advertising library as part of the application, applications tions) do so only because of advertisements. Such pervasive can use the permissions needed for advertising libraries, overprivileging is a threat to user privacy. We introduce and vice versa. This is an instance of overprivileging: the AdDroid, a privilege separated advertising framework for advertising libraries require applications to take on addi- the Android platform. AdDroid introduces a new adver- tional privileges that they otherwise might not need. More- tising API and corresponding advertising permissions for over, these additional permissions have serious implications the Android platform. This enables AdDroid to separate for user privacy. privileged advertising functionality from host applications, The current advertising model results in the following allowing applications to show advertisements without re- classes of threats: questing privacy-sensitive permissions. • Advertisers may track users without their knowledge. • Untrusted applications may have access to unneces- 1. INTRODUCTION sary private data, such as the user's location. The Android Market [2] has given Android developers an avenue to rapidly develop and distribute applications • If an adversary exploits a buggy application, the be- directly to consumers. Mobile advertising services such as nign-but-buggy application may inadvertently leak or AdMob [1] and Millennial Media [21] play a key role in this expose sensitive information to attack. ecosystem by allowing developers to generate revenue from • Malicious or opportunistic advertising networks could advertisements. These advertisers distribute libraries that abuse the permissions of their host applications. make it easy for applications to request advertisements and display them in their user interfaces. • Applications frequently requesting sensitive permis- sions, or permissions unrelated to the application's ∗ Work done while at the Computer Science Division, Uni- functionality, can train users to ignore permission versity of California Berkeley. warnings [12]. • Advertising libraries have been observed download- ing code over HTTP and dynamically executing it at Permission to make digital or hard copies of all or part of this work for runtime [13]. personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies To combat these threats we propose AdDroid, an exten- bear this notice and the full citation on the first page. To copy otherwise, to sion of the Android platform that provides special support republish, to post on servers or to redistribute to lists, requires prior specific 1 permission and/or a fee. Applications need phone state to obtain the phone's In- ASIACCS ’12, May 2–4, 2012, Seoul, Korea. ternational Mobile Equipment Identity (IMEI). Developers Copyright 2012 ACM 978-1-4503-1303-2/12/05 ...$10.00. can use the IMEI as a unique customer identifier. for advertisements. In AdDroid, the host application and the core advertising code run in separate protection do- mains. We accomplish this privilege separation by mov- ing privileged functionality into a new Android system service. Application developers may incorporate adver- tisements into their application by invoking the AdDroid advertising application programming interface (API). Ap- plications using AdDroid no longer need privacy-sensitive permissions just to display advertisements. To understand the potential value of AdDroid, we an- alyzed a set of 964 real-world Android applications col- lected from the Android Market. We found that 49% of applications contain at least one advertising network li- brary. We also found that application developers over- privileged 46% of advertising-supported applications (23% of all applications) by one or more permissions as a di- rect result of their use of advertising libraries. Further, we found that 27% of advertising-supported applications receive both Internet connectivity and location informa- Figure 1: At left, an application's requested per- tion, even though the application needs neither for its missions are shown as part of the installation pro- functionality. This particular combination of permission cess. At right, an example of an advertisement (top overprivilege is potentially sensitive because it allows ap- of screen) in an application. plications to track a user's location without their knowl- edge. Lastly, we found that 34% of all applications (56% of advertising-supported applications) that request loca- the microphone, and the ACCESS_FINE_LOCATION permis- tion do so only because of advertisements. With AdDroid, sion permits access to the phone's GPS location. An ap- 27% of advertising-supported applications would no longer plication cannot perform a given operation unless it has need Internet access, 25% would no longer need location the related permission. information, and 8% would no longer need phone state in- In order to gain permissions, applications must first re- formation. Overall, AdDroid would reduce overprivileging quest them. Developers determine (e.g., via testing) the in 46% of advertising-supported applications. permissions that their applications require, and then they Contributions. The contributions of this work include: bundle their applications with the appropriate list of per- mission requests. Different applications request different • We identify and detail the problem of advertising- sets of permissions, based on their functionality. related overprivileging, including a detailed model of The Android installer asks users to grant these permis- the threats faced by users and developers (Section 2). sion when they install the application. After initiating the • We design and implement AdDroid, a solution to the installation process, the system shows the user the list of threat of advertising overprivilege that applies priv- permissions that the application requests. Figure 1 shows ilege separation to advertising libraries (Sections 3 a screenshot of the permission authorization process in the and 4). Android Market. The user implicitly accepts the permis- sion requests by choosing to complete the installation pro- • We measure the threat of advertising overprivilege cess. Permission authorization is all-or-nothing; the user and the impact of AdDroid with an advertising and must accept all of the application's permission requests or overprivilege measurement study performed on ap- cancel installation. Once installed, these permissions will plications from the Android Market (Section 5). be available to the application each time it executes. 2. BACKGROUND 2.2 Advertising Libraries To frame the problem, we describe the Android permis- Advertising networks serve as middlemen between ap- sion system and explain how mobile advertising currently plication developers and advertisers. The advertising net- works. We then explain how the current system leads to works supply developers with advertising libraries, and de- privacy and security threats from legitimate advertising velopers place the libraries in their applications. The li- networks, grayware, benign-but-buggy applications, mali- braries provide APIs for inserting advertisements into the cious advertising networks, and vulnerable advertising net- application's user interface and handle the fetching, ren- works. dering, and tracking of advertisements. These libraries are responsible for 65%-75%
Load more

Recommended publications
  • June 7, 2010 ANALYSIS of the FTC's DECISION NOT to BLOCK
    June 7, 2010 ANALYSIS OF THE FTC’S DECISION NOT TO BLOCK GOOGLE’S ACQUISITION OF ADMOB Randy Stutz and Richard Brunell* Introduction On May 21, 2010, after months of investigation, the Federal Trade Commission (FTC) announced that it would not challenge Google’s $750 million acquisition of AdMob, a mobile advertising network and mobile ad solutions and services provider.1 In this white paper, we present AAI’s analysis of the FTC’s decision. The FTC found that, but for recent developments concerning Apple, the acquisition “appeared likely to lead to a substantial lessening of competition in violation of Section 7 of the Clayton Act.” According to the FTC, Google and AdMob “currently are the two leading mobile advertising networks, and the Commission was concerned about the loss of head-to-head competition between them.” The companies “generate the most revenue among mobile advertising networks, and both companies are particularly strong in … performance ad networks,” i.e. those networks that sell advertising by auction on a “per click” or other direct response basis. Without necessarily defining a relevant market, the Commission apparently saw a likelihood of unilateral anticompetitive effects, as it found “each of the merging parties viewed the other as its primary competitor, and that each firm made business decisions in direct response to this perceived competitive threat.” Yet, Apple’s acquisition of the third largest mobile ad network, Quattro Wireless, in December 2009, and its introduction of its own mobile advertising network, iAd, as part of its iPhone applications package, convinced the FTC that the anticompetitive effects of the acquisition “should [be] mitigate[d].” The Commission “ha[d] reason to believe that Apple * Randy Stutz is a Research Fellow and Richard Brunell is the Director of Legal Advocacy of the American Antitrust Institute (AAI), a non-profit research and advocacy organization devoted to advancing the role of competition in the economy, protecting consumers, and sustaining the vitality of the antitrust laws.
    [Show full text]
  • July 23, 2020 the Honorable William P. Barr Attorney General United
    July 23, 2020 The Honorable William P. Barr Attorney General United States Department of Justice 950 Pennsylvania Avenue, NW Washington, DC 20530 Dear Attorney General Barr: We write to raise serious concerns regarding Google LLC’s (Google) proposed acquisition of Fitbit, Inc. (Fitbit).1 We are aware that the Antitrust Division of the Department of Justice is investigating this transaction and has issued a Second Request to gather additional information about the acquisition’s potential effects on competition.2 Amid reports that Google is offering modest, short-term concessions to overseas enforcers to avoid a full-scale investigation of the transaction in Europe,3 we write to urge the Division to continue with its efforts to conduct a thorough and comprehensive review of this proposed merger and to take any and all enforcement action warranted by the law and the evidence. It is no exaggeration to say that Google is under intense antitrust scrutiny across the globe. As you know, the company has been under investigation for potential anticompetitive conduct across a number of product markets by the Department and numerous state attorneys general, as well as by a number of foreign competition enforcers, some of which are also reviewing the proposed Fitbit acquisition. Competition concerns about Google are widespread and bipartisan. Against this backdrop, in November 2019, Google announced its proposed acquisition of Fitbit for $2.1 billion, a staggering 71 percent premium over Fitbit’s pre-announcement stock price.4 Fitbit—which makes wearable technology devices, such as smartwatches and fitness trackers— has more than 28 million active users submitting sensitive location and health data to the company.
    [Show full text]
  • If Google Is a 'Bad' Monopoly, What Should Be Done?
    If Google Is A 'Bad' Monopoly, What Should Be Done? Google Inc. is currently subject to antitrust investigations by state attorneys general in the United States, as well as antitrust authorities in the European Union. Google and its allies have mounted a vigorous public defense, arguing that Google’s activity should be immune from antitrust scrutiny or that imposing a remedy on Google would transform antitrust enforcers into some kind of undesirable “software regulatory agency,” which would threaten innovation in the Internet. These arguments are reminiscent of the claims made 20 years ago that antitrust analysis was too outdated to apply to high-tech industries. That argument was rejected then, and it should be rejected now. Exclusionary conduct by a dominant firm can distort fair competition in high-tech markets, Samuel Miller just as in more traditional markets. Antitrust remedies can, and should, be imposed to make sure that a dominant company does not improperly keep rivals out of its markets or improperly strengthen its dominant position, to the detriment of consumers and innovation. EU Competition Commissioner Joaquin Almunia rejected Google’s original proposals to resolve claims of anti-competitive conduct in July 2013, and is currently considering a revised proposal submitted by Google. So what remedy proposals would make sense? This article will outline potential antitrust remedies that may appropriately be imposed upon Google, assuming antitrust authorities or courts determine that Google has violated the antitrust laws. What Is an Illegal Monopoly? A company violates Section 2 of the Sherman Act when it acquires or maintains or “monopoly power” in a relevant market by “exclusionary” conduct.
    [Show full text]
  • Mobile Developer's Guide to the Galaxy
    Don’t Panic MOBILE DEVELOPER’S GUIDE TO THE GALAXY U PD A TE D & EX TE ND 12th ED EDITION published by: Services and Tools for All Mobile Platforms Enough Software GmbH + Co. KG Sögestrasse 70 28195 Bremen Germany www.enough.de Please send your feedback, questions or sponsorship requests to: [email protected] Follow us on Twitter: @enoughsoftware 12th Edition February 2013 This Developer Guide is licensed under the Creative Commons Some Rights Reserved License. Editors: Marco Tabor (Enough Software) Julian Harty Izabella Balce Art Direction and Design by Andrej Balaz (Enough Software) Mobile Developer’s Guide Contents I Prologue 1 The Galaxy of Mobile: An Introduction 1 Topology: Form Factors and Usage Patterns 2 Star Formation: Creating a Mobile Service 6 The Universe of Mobile Operating Systems 12 About Time and Space 12 Lost in Space 14 Conceptional Design For Mobile 14 Capturing The Idea 16 Designing User Experience 22 Android 22 The Ecosystem 24 Prerequisites 25 Implementation 28 Testing 30 Building 30 Signing 31 Distribution 32 Monetization 34 BlackBerry Java Apps 34 The Ecosystem 35 Prerequisites 36 Implementation 38 Testing 39 Signing 39 Distribution 40 Learn More 42 BlackBerry 10 42 The Ecosystem 43 Development 51 Testing 51 Signing 52 Distribution 54 iOS 54 The Ecosystem 55 Technology Overview 57 Testing & Debugging 59 Learn More 62 Java ME (J2ME) 62 The Ecosystem 63 Prerequisites 64 Implementation 67 Testing 68 Porting 70 Signing 71 Distribution 72 Learn More 4 75 Windows Phone 75 The Ecosystem 76 Implementation 82 Testing
    [Show full text]
  • GOOGLE ADVERTISING TOOLS (FORMERLY DOUBLECLICK) OVERVIEW Last Updated October 1, 2019
    !""!#$%%&'($)*+,+-!%*""#,%%%./")0$)#1%%'"23#$4#+456%"($)(+$7%%% #89:%%2;<8:=<%">:?@=A%BC%%%DEBF% " #$%%$&'("&)"*+,-./$(-.("0(-"1&&2%-"3*.4-/$'2"/&&%("/&"5%*6-"*+("*%&'2($+-"1&&2%-""""""""""""""(-.,$6-(7" (-*.68".-(0%/(7"&."&'"/8$.+"5*./9":-;($/-(<"1&&2%-"*%(&"%-,-.*2-("$/(",*(/"(/&.-("&)"0(-."+*/*"/"""""""""""""" &" 5.&,$+-"*+,-./$(-.(":$/8"(&58$(/$6*/-+"="*'+"&)/-'"0'6*''9"="$'($28/("$'/&"/8-$."*+("" """"""""" >" 5-.)&.3*'6-<""" " % 5$1%&'($)*+,% $)G/&4+-!%H)"'24*,%%% " 1&&2%-"#*.4-/$'2"?%*/)&.37"""""""5.-,$&0(%9"4'&:'"*("@&0;%-A%$647"$("1&&2%-" >("5.-3$03"*+,-./$(-.B" )*6$'2"5.&+06/<"1&&2%-"*6C0$.-+""""@&0;%-A%$64"$'"DEEF"")&."GH<!";$%%$&'7"3&.-"/8*'"G!";$%%&'"""""""&,-." /8-"(-%""""""""""""""%-.I(",*%0*/$&'<!"J/"/8-"/$3-7"@&0;%-A%$64":*("*"%-*+$'2"5.&,$+-."&)"+$(5%*9"*+("/&"5&50%*." /8$.+"5*./9"($/-("%$4-"" " " "" JKL7"#9M5*6-7"*'+"/8-"N*%%"M/.--/"O&0.'*%< " " " " " D""""P'"DE!Q7"1&&2%-"0'$)$-+"" @&0;%-A%$64>("*+,-./$(-."/&&%("*'+"$/("-'/-.5.$(-"*'*%9/$6("5.&+06/"0'+-""""""" ."/8-""""1&&2%-"#*.4-/$'2" ?%*/)&.3";.*'+<""H" " J("*"5*./"&)"/8-"DE!Q".-;.*'+$'2"""" 7"1&&2%-"""*%(&".-68.$(/-'-+"$/(""""5.&+06/("/8*/"*%%&:-+"":-;"" 50;%$(8-.("/&"(-%%"*+,-./$($'2"(5*"""" 6-7")&.3-.%9"4'&:'"*(""""""""@&0;%-A%$64")&."?0;%$(8-.("*'+" @&0;%-A%$64""""""""J+"RS68*'2-<"J%/8&028"/8-(-"5.&+06/("*.-"'&:"";.*'+-+"*("1&&2%-"J+"#*'*2-."""" 7" @&0;%-A%$64""6&+-" "(/$%%"*55-*.("&'"T<U"3$%%$&'":-;($/-(< " " " " "T" "" " !""#$%&'()*%& +,-#&.$(+/")0&123&!&& ""#$%&452&& & 1&&2%-"#*.4-/$'2"?%*/)&.3"$("/8-"5.-3$03"6&0'/-.5*./"/&"1&&2%-I(")%*2(8$5"*+"50.68*($'2"""""""
    [Show full text]
  • Online Advertising in the UK
    Online advertising in the UK A report commissioned by the Department for Digital, Culture, Media & Sport January 2019 Stephen Adshead, Grant Forsyth, Sam Wood, Laura Wilkinson plumconsulting.co.uk About Plum Plum is an independent consulting firm, focused on the telecommunications, media, technology, and adjacent sectors. We apply extensive industry knowledge, consulting experience, and rigorous analysis to address challenges and opportunities across regulatory, radio spectrum, economic, commercial, and technology domains. About this study This study for the Department of Digital, Culture, Media & Sport explores the structure of the online advertising sector, and the movement of data, content and money through the online advertising supply chain. It also assesses the potential for harms to arise as a result of the structure and operation of the sector. Plum Consulting 10 Fitzroy Square London W1T 5HP T +44 20 7047 1919 E [email protected] Online advertising in the UK Contents Executive summary 5 Introduction 5 Taxonomy of online advertising 6 Market size and growth 7 Value chain and roles 8 Market dynamics 11 Money flows 12 Data flows 14 Ad flows and control points 16 Assessment of potential harms 17 1 Introduction 20 1.1 Terms of reference 20 1.2 Methodology 20 1.3 Caveats 20 1.4 Press publishers 21 1.5 Structure of this report 21 2 Taxonomy of online advertising 22 2.1 Online advertising formats 22 2.2 Targeting of online advertising 33 2.3 Future developments 34 3 Market size and growth 35 4 Value chain and roles 40 4.1 Overview
    [Show full text]
  • US Department of Health and Human Services
    US Department of Health and Human Services Third Party Websites and Applications Privacy Impact Assessment Date Signed: May 09, 2018 OPDIV: CMS Name: GOOGLE ADVERTISING SERVICES – DoubleClick, AdWords, AdMob TPWA Unique Identifier: T-5775483-419703 Is this a new TPWA? Yes Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act? No If SORN is not yet published, identify plans to put one in place. Not applicable. Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)? No Indicate the OMB approval number expiration date (or describe the plans to obtain OMB clearance). N/A. Describe the plans to obtain OMB clearance. N/A. Does the third-party Website or application contain Federal Records? No Describe the specific purpose for the OPDIV use of the third-party Website or application: Google Advertising Services consisting of, DoubleClick, AdWords, and AdMob deliver digital advertising on third-party websites in order to reach new users and provide information to previous visitors to Centers for Medicare & Medicaid Services (CMS) websites. This outreach helps inform consumers about the variety of services CMS offers. Google advertising services consists of the following: DoubleClick collects information about consumer behavior on websites across the Internet including CMS websites, using technology such as cookies. Cookies capture data such as date and time of web browsing, IP address, browser type, and operating system type, tracked by an alphanumeric identifier.
    [Show full text]
  • Application Development in Android
    ISSN (Online) : 2278-1021 ISSN (Print) : 2319-5940 International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 6, June 2014 Application Development in Android Sana1, Dr. Ravindra kumar2 Department of Computer Engineering, Al-Falah School of Engineering & Technology, Haryana, India1 Ex-Director General, VGI Dadri2 Abstract: Apps are usually available through application distribution platforms. Android came in the world with a boom and has given a new era of technology. A new application is provided as instance to illustrate the basic working processes of Android application components. A guidance to understand the operation mechanism of Android applications and to develop an application on Android platform is described in this paper. Keywords: Dalvik virtual machine; Framework; Activity;Linux kernal I. INTRODUCTION Android is an operating system based on the Linux kernel, ―lines and circles.‖ This approach to application and designed primarily for touch screen mobile devices development helps you see the big picture—how the such as smart phones and tablet computers. Initially components fit together and how it all makes sense. developed by Android, Inc, which Google backed financially and later bought in 2005. Android‖ is the 1. Activities package of software used in the mobile devices. It is a An activity is usually a single screen that the user sees on comprehensive operating environment which is released the device at one time. An application typically has on Nov 12, 2007 by the open Handset alliance of Google, multiple activities, and the user flips back and forth among a consortium of hardware, software, and them. As such, activities are the most visible part of your telecommunication companies devoted to advancing open application.
    [Show full text]
  • Universal App Campaigns Deliver 130% of Download Volume Target for KCB’S Mobile Banking App
    Case Study | KCB Group Universal App Campaigns deliver 130% of download volume target for KCB’s mobile banking app KCB Group is the largest financial Institution by assets in East Africa, serving over About KCB Group 9.7 million customers across Kenya, Uganda, Tanzania, South Sudan, Rwanda, • One of Kenya’s leading banks Burundi and Ethiopia. Recognising mobile technology as the future of banking in • Operating across seven African countries Africa, KCB launched its app in January 2015, offering a comprehensive mobile Goals banking solution. • Raise awareness about KCB mobile banking The KCB mobile app allows all consumers – including those who are not part of the app among customers and non-customers formal financial system – to get cheap and quick access to financial services. Non- • Boost app downloads at $1.50 target cost per customers can open an account without the need to travel to a physical branch, install (CPI) and existing customers can transfer cash, manage cards, and apply for loans in an Approach easy and secure way. The app quickly became an effective product selling channel, • Ran mobile app install campaigns across and promotion of the KCB mobile app was crucial in acquiring new customers and search and display driving long-term loyalty. • Took advantage of Android Codeless Install tracking To raise awareness and drive downloads of the Android app at scale, KCB Group, • Launched Universal App Campaigns for their agency Squad Digital and Google specialists partnered together to build a increased scale and efficiency holistic and cost-effective app strategy. The first step was to align around KCB’s goal to generate at least 30,000 downloads at a cost per install of $1.50.
    [Show full text]
  • Download/IS Web.Pdf
    TRANSITIONING THE TRADITIONAL BUSINESS MODEL FOR TELEVISION: PERSONAL DATA SHARING BY STREAMING VIDEO MOBILE APPS by MATTHEW THOMAS GUZA B.S. Information Networking and Telecommunications Fort Hays State University, 2012 A thesis submitted to the Faculty of the Graduate School of the University of Colorado at Boulder in partial fulfillment of the requirement for the degree of Master of Science Department of Interdisciplinary Telecommunications Program 2016 This thesis entitled: Transitioning the Traditional Business Model for Television: Personal Data Sharing by Streaming Video Mobile Apps written by Matthew Thomas Guza has been approved for the Department of Interdisciplinary Telecommunications Program Dr. David Reed (Thesis Chair) Dr. Scott Savage (Thesis Committee) Mr. Joe McManus (Thesis Committee) Date The final copy of this thesis has been examined by the signatories, and we find that both the content and the form meet acceptable presentation standards of scholarly work in the above mentioned discipline. ii Guza, Matthew Thomas (M.S., Telecommunications [Department of Interdisciplinary Telecommunications Program]) Transitioning the Traditional Business Model for Television: Personal Data Sharing by Streaming Video Mobile Apps Thesis directed by Dr. David Reed Streaming video now represents more than half of all Internet bandwidth consumption and consumers are spending more of their time on mobile devices resulting in total video plays moving to mobile platforms. The rapid growth of streaming Internet video and the popularity of video on mobile platforms is leading to additional avenues of advertising. The new data collection vector from mobile ad providers creates new areas of concern for the user’s privacy posture. This thesis investigates if streaming video apps implicate user privacy by sharing potentially sensitive information, how that information is shared, and the role of advertisers.
    [Show full text]
  • Open Thesis.Pdf
    The Pennsylvania State University The Graduate School ENERGY OPTIMIZATION FOR WIRELESS COMMUNICATIONS ON MOBILE DEVICES A Dissertation in Computer Science and Engineering by Yi Yang c 2018 Yi Yang Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy May 2018 The dissertation of Yi Yang was reviewed and approved∗ by the following: Guohong Cao Professor of Computer Science and Engineering Dissertation Advisor, Chair of Committee George Kesidis Professor of Computer Science and Engineering Professor of Electrical Engineering Sencun Zhu Associate Professor of Computer Science and Engineering Dinghao Wu Associate Professor of Information Sciences and Technology Mahmut Taylan Kandemir Professor of Computer Science and Engineering Graduate Program Chair of Computer Science and Engineering ∗Signatures are on file in the Graduate School. Abstract Mobile devices such as smartphones and smartwatches are becoming increasingly popular accompanied with a wide range of apps. Those apps usually require data communications through wireless interfaces, which will drain the battery quickly. Thus, it is of great value to characterize the energy consumption of wireless com- munications and propose energy saving solutions. The specific goal of this dissertation is to optimize the energy consumption of wireless communications on mobile devices. Specifically, this dissertation has four foci. First, we propose network quality aware prefetching algorithms to save energy for in-app advertising. The cellular interface on smartphones continues to consume a large amount of energy after a data transmission (referred to as the long tail problem). Then periodically fetching ads through the cellular network may lead to significant battery drain on smartphones. To reduce the tail energy, we can predict the number of ads needed in the future and then prefetch those ads together.
    [Show full text]
  • How Do Mobile Apps Violate the Behavioral Policy Of
    How do Mobile Apps Violate the Behavioral Policy of Advertisement Libraries? Feng Dong1, Haoyu Wang1,2, Li Li3, Yao Guo4,5, Guoai Xu1, Shaodong Zhang1 1 Beijing University of Posts and Telecommunications, Beijing, China 2 Beijing Key Laboratory of Intelligent Telecommunication Software and Multimedia 3 Faculty of Information Technology, Monash University 4 Key Laboratory of High-Confidence Software Technologies (Ministry of Education) 5 School of Electronics Engineering and Computer Science, Peking University, Beijing, China {dongfeng,haoyuwang,xga,zhangsd}@bupt.edu.cn,[email protected],[email protected] ABSTRACT 1 INTRODUCTION Advertisement libraries are used in almost two-thirds of apps Mobile apps have seen widespread adoption in recent years, in Google Play. To increase economic revenue, some app with more than 3.3 million apps available in Google Play [7]. developers tend to entice mobile users to unexpectedly click More than 85% of the apps are free [25], and ad libraries (e.g., ad views during their interaction with the app, resulting Admob) are commonly used by app developers to monetize in kinds of ad fraud. Despite some popular ad providers their apps by showing ads to mobile users. have published behavioral policies to prevent inappropriate A significant number of studies focused on the topic ofad behaviors/practices, no previous work has studied whether libraries in various directions. LibRadar [17] and WuKong [23] mobile apps comply with those policies. In this paper, we take were proposed to identify third-party libraries used in Android Google Admob as the starting point to study policy-violation apps. Meng et al.
    [Show full text]