Free for All! Assessing User Data Exposure to Advertising Libraries on Android

Size: px

Start display at page:

Download "Free for All! Assessing User Data Exposure to Advertising Libraries on Android"

Ferdinand Jordan
5 years ago
Views:

1 Free for All! Assessing User Data Exposure to Advertising Libraries on Android Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, Carl Gunter University of Illinois at Urbana - Champaign

2 Approach

3 Approach GOAL: Assess the RISK of integrating advertising libraries in Android apps RISK: Potential compromise of an asset as a result of an exploit of a vulnerability by a threat. All the different ways an ad library can access private user Private User Data data Ad Library

4 Approach OUT-APP EXPOSURE Host app IN-APP EXPOSURE API API FILES Ad Library

5 Is there any interesting information in local files? FILES

6 Motivation: in-app FILES I m Pregnant / Pregnancy App Weight Height Pregnancy month and day Symptoms (headaches, backache, cons9pa9on) Events (date of intercourse) Outcomes (miscarriage, birth date)

7 Motivation: in-app FILES Diabetes Journal Birth date Gender First name Last name Weight Height Blood glucose levels Workout ac9vi9es

8 Motivation: in-app FILES Diabetes Journal There is a plethora of private user information in app local files. It is trivial for ad libraries to access such information. Birth date Gender First name Last name Weight Height Blood glucose levels Workout ac9vi9es

9 Are ad libraries interested in app bundles?

10 Motivation: out-app API METHODOLOGY RESULTS Call graphs on 2700 Google Play apps 2535 unique apps getinstalledpackages (gip) getinstalledapplications (gia) Manual analysis of packages containing gip and gia 27.5% contain at least one invocation of gip or gia 12.54% contain an ad library that invokes gip or gia 28 unique ad libraries

11 Motivation: out-app API METHODOLOGY RESULTS Call graphs on 2700 Google Play apps 2535 unique apps Ad getinstalledpackages Libraries are (gip) increasingly collecting 27.5% contain app at least bundles one invocation from of gip or gia getinstalledapplications (gia) user devices % contain an ad library that invokes gip Manual analysis of packages containing gip or gia and gia 28 unique ad libraries

12 What can ad libraries learn from app bundles?

13 Motivation: out-app Ground Truth collection: Private User Data Question 1 Question 2 Random ID

14 Motivation: out-app Ground Truth collection: Private User Data Question 1 Question approved users Random ID 1985 distinct apps

15 Evaluation: out-app AGE MARITAL STATUS SEX P (%) R (%) P (%) R (%) P (%) R (%) Random Forest SVM KNN P: Precision R: Recall

16 Pluto Risk Assessment Framework

17 Pluto Design PURPOSE: offline estimation of the private user data a target app can expose to an embedded ad library that utilizes: in-app attack channels out-app attack channels [please see the paper for details]

18 Pluto Design: in-app exposure discovery MONKEY DB XML JSON DB XML GENERIC U MANIFEST Layout Strings DECOMPILER MANIFEST Miners Matching Goals Dynamic Analysis Module

19 Evaluation

20 Evaluation Ground Truth collection: Data Points

21 Evaluation: in-app Ground Truth collection: Manual construction of L1 and L2 Name Number Description Full Dataset (FD) 2535 Unique apps collected from the 27 Google Play categories Level 1 Dataset (L1) 262 Apps randomly selected from FD Level 2 Dataset (L2) 35 Apps purposively selected from L1

22 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L2" AGE 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L2" GENDER 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L2" WORKOUT 0" 0.1" 0.2" 0.3" 0.4" 0.5" 0.6" 0.7" 0.8" 0.9" 1" PRECISION" RECALL" L1" L1:MMiner" L2" L2:Mminer" ADDRESS Evaluation: in-app

23 Privacy Risk App Ranking

24 Utility: assessing the risk with Pluto D: set of data points in cost model (e.g. Financial Times) X: set of data point weights in the cost model D = X = n α: target app x α : sum of all weights of data points exposed by α risk score:

25 Utility: assessing the risk with Pluto CATEGORY APP TITLE AVG # INSTALLS RISK SCORE [ 0-10 ] MEDICAL Depression CBT Self-Help Guide 100K - 500K 8.14 MEDICAL Prognosis: Your Diagnosis 500K - 1M 6.31 HEALTH & FITNESS HEALTH & FITNESS Dream Body Workout Plan 100K - 500K 7.33 mycigna 100K - 500K 5.62

14 MEDICAL Prognosis: Your Diagnosis 500K -

26 Utility: assessing the risk with Pluto CATEGORY APP TITLE AVG # INSTALLS RISK SCORE [ 0-10 ] MEDICAL Depression CBT Self-Help Guide 100K - 500K 8.14 MEDICAL Prognosis: Your Diagnosis 500K - 1M 6.31 HEALTH & FITNESS HEALTH & FITNESS Dream Body Workout Plan 100K - 500K 7.33 exposes 16 data points mycigna 100K - 500K 5.62 depression, headache, pregnancy,

27 Summary Apps store an abundance of private user data in local files. Revealed a trend of aggressive collection of app bundles. New techniques for assessing user sensitive information exposure to libraries. [not covered in this talk] Designed a tool (Pluto) to automatically assess the data exposure risk to third-party libraries by apps at scale. Pluto is evaluated on real world apps and user data and evidently achieves good prediction performance.

28 Thank You! Source code is available online at:

XHound: Quantifying the Fingerprintability of Browser Extensions. Priyankit Bangia Software Engineering. By Oleksii Starov & Nick Nikiforakis

XHound: Quantifying the Fingerprintability of Browser Extensions By Oleksii Starov & Nick Nikiforakis Priyankit Bangia Software Engineering INTRODUCTION What are browser extensions? Browsers are designed