AdDroid: Privilege Separation for Applications and Advertisers in Android
Abstract
Advertising is a critical part of the Android ecosystem many applications use one or more advertising services as a source of revenue. To use these services, developers must bundle third-party, binary-only libraries into their applications. In this model, applications and their advertising libraries share permissions. Advertising-supported applications must request multiple privacy-sensitive permissions on behalf of their advertising libraries, and advertising libraries receive access to all of their host applications' other permissions. We conducted a study of the Android Market and found that 49% of Android applications contain at least one advertising library, and these libraries overprivilege 46% of advertising-supported applications. Further, we nd that 56% of the applications with advertisements that request location (34% of all applications) do so only because of advertisements. Such pervasive overprivileging is a threat to user privacy. We introduce AdDroid, a privilege separated advertising framework for the Android platform. AdDroid introduces a new advertising API and corresponding advertising permissions for the Android platform. This enables AdDroid to separate privileged advertising functionality from host applications allowing applications to show advertisements without requesting privacy-sensitive permissions.
Document Details
- Document Type
- Technical Report
- Publication Date
- May 14, 2013
- Accession Number
- ADA584780
Entities
People
- Adrienne P. Felt
- David M Wagner
- Gabriel Nunez
- Paul Pearce
Organizations
- University of California, Berkeley