Use of dangerous permissions by Android ad libraries

Giris, Alexander
Thumbnail Image
Other Contributors
Milanova, Ana
Hendler, James A.
Zikas, Vassilis
Issue Date
Computer science
Terms of Use
This electronic version is a licensed copy owned by Rensselaer Polytechnic Institute, Troy, NY. Copyright of original work retained by author.
Full Citation
Privacy concerns exist with ad libraries which come bundled with Android appli-cations. These libraries are known to collect personal information such as the user’s approximate location to use to tailor ads to the user. Many people find this intrusive and some might not even be aware that this is taking place. One way apps can gain access to a user’s personal information is by requesting it directly from the Android device itself. To do this, it requests the use of one of Android’s permissions. The user may think a given permission is only being requested because the app has legitimate use for it. For example, a weather app has a legitimate reason for asking the user’s location, but an ad library bundled with that app might also access the user’s location. Since the app has permission to access the user’s location, any ad library bundled with that app shares this permission. We took a sample of 134 apps and analyzed them to determine whether “dangerous permissions,” that is, permissions which could potentially leak sensitive data are typically being requested by the app itself or by ad libraries bundled with that app. We found that 71 those apps have at least one dangerous permission request originating from an ad library. In six of these apps, the only requests for dangerous permissions came from ad libraries, meaning the app itself had no need for the permissions at all.
May 2017
School of Science
Dept. of Computer Science
Rensselaer Polytechnic Institute, Troy, NY
Rensselaer Theses and Dissertations Online Collection
Restricted to current Rensselaer faculty, staff and students. Access inquiries may be directed to the Rensselaer Libraries.