Use of dangerous permissions by Android ad libraries

Loading...
Thumbnail Image
Authors
Giris, Alexander
Issue Date
2017-05
Type
Electronic thesis
Thesis
Language
ENG
Keywords
Computer science
Research Projects
Organizational Units
Journal Issue
Alternative Title
Abstract
Privacy concerns exist with ad libraries which come bundled with Android appli-cations. These libraries are known to collect personal information such as the user’s approximate location to use to tailor ads to the user. Many people find this intrusive and some might not even be aware that this is taking place. One way apps can gain access to a user’s personal information is by requesting it directly from the Android device itself. To do this, it requests the use of one of Android’s permissions. The user may think a given permission is only being requested because the app has legitimate use for it. For example, a weather app has a legitimate reason for asking the user’s location, but an ad library bundled with that app might also access the user’s location. Since the app has permission to access the user’s location, any ad library bundled with that app shares this permission. We took a sample of 134 apps and analyzed them to determine whether “dangerous permissions,” that is, permissions which could potentially leak sensitive data are typically being requested by the app itself or by ad libraries bundled with that app. We found that 71 those apps have at least one dangerous permission request originating from an ad library. In six of these apps, the only requests for dangerous permissions came from ad libraries, meaning the app itself had no need for the permissions at all.
Description
May 2017
School of Science
Full Citation
Publisher
Rensselaer Polytechnic Institute, Troy, NY
Terms of Use
Journal
Volume
Issue
PubMed ID
DOI
ISSN
EISSN