The Price of Free: Privacy Leakage in Personalized Mobile In-App Ads

Meng, Weiyi; Ren, Dianxu; Chung, Simon P.; Han, Steven; Lee, Wenke

doi:10.14722/ndss.2016.23353

Cited by 58 publications

(50 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They also studied what ad networks can learn from the list of apps installed in a phone. Meng et al [30] studied what ad networks know about the user's interest and demographic information. They also studied whether the host apps could conversely use the targeted ads to infer some of the user information collected by the ad network.…”

Section: Privacy and Mobile Advertisingmentioning

confidence: 99%

Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem

Liu

Zhu

et al. 2020

IEEE Trans. on Mobile Comput.

111

View full text Add to dashboard Cite

Section: Privacy and Mobile Advertisingmentioning

confidence: 99%

Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem

Liu

Zhu

et al. 2020

IEEE Trans. on Mobile Comput.

111

View full text Add to dashboard Cite

“…Studies have mainly focused in measuring and identifying the security and privacy risks that are directly associated with the delivery of ads in web applications, websites and mobile applications. Results have identified that most advertising libraries abuse systematically the way they handle and gather data from host applications and their user base [2]. Pluto: ("Free for All!…”

Section: Privacy Preserving Solutions Towards Preventing Aggresive Damentioning

confidence: 99%

“…Pluto: ("Free for All! Assessing User Data Exposure to Advertising Libraries for Android") [2]. A framework notable for its usage in analyzing and detecting if an advertising library and by extension its host application is exposing targeted user data.…”

Section: Privacy Preserving Solutions Towards Preventing Aggresive Damentioning

confidence: 99%

“…Confidentiality, Authentication and Integrity Mechanisms: The system must have specific mechanisms to ensure the proper authentication of participating users. Proper protection on their communications should be provided alongside strong confidentiality and integrity of the communication channels against unauthorized third parties with the purpose of causing harm to the system or its users [2,20].…”

Section: Securitymentioning

confidence: 99%

“…The collected data is then used to deliver specific ads, according to a user's online activity, ethnographic background and other information. In most cases, advertising networks aggressively collect user data without the necessary consent which in turn raises a number of questions regarding user anonymity and privacy [2].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CrowdLED: Towards Crowd-Empowered and Privacy-Preserving Data Sharing Using Smart Contracts

Pouyioukka

Giannetsos

Meng

2019

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

In this research paper, we explore how Blockchain technologies and Smart Contracts can be used to fairly reward users for the data they share with advertising networks without compromising anonymity and user privacy. The novelty of using Blockchains alongside such systems is to understand and investigate how a proper and fair exchange of data can ensure that participating users can be kept secure and eliminate aggressive data collection by ad libraries; libraries that are embedded inside the code of smart-phones and web applications for monetization. There are a lot of privacy issues regarding mobile and online advertising: Advertising networks mostly rely on data collection, similar to a crowdsensing system, but in most cases, neither consent has been granted by the user for the data collection nor a reward has been given to the user as compensation. Making a comparison between the problems identified in mobile and online advertising and the positives of the approach of using Blockchain, we propose "CrowdLED", a holistic system to address the security and privacy issues discussed throughout the paper.

show abstract

Privacy Risk Assessment: From Art to Science, by Metrics

Wagner

Boiten

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the "correct" risk level on e.g. a five-point scale.In this paper, we argue that a more scientific quantification of privacy risk increases accuracy and reliability and can thus make it easier to build privacy-friendly systems. We discuss how the impact and likelihood of privacy violations can be decomposed and quantified, and stress the importance of meaningful metrics and units of measurement. We suggest a method of quantifying and representing privacy risk that considers a collection of factors as well as a variety of contexts and attacker models. We conclude by identifying some of the major research questions to take this approach further in a variety of application scenarios.Data Protection Regulation) [11], PIAs (called "data protection impact assessments") are mandated for some cases, including surveillance, data sharing, and new technologies. This is relevant worldwide because of the GDPR's global reach. As PIAs include consultation with stakeholders, they are also a useful mechanism for obtaining their buy-in in what might otherwise be seen as "creepy" data processing processes.However, the wider application and impact of PIAs may be limited because privacy risk assessments currently rely heavily on experience, analogy and imagination, that is, risk assessment more closely resembles an art than a science. We argue that a more scientific approach to risk assessment can improve the outcomes of privacy impact assessments by making them more consistent and systematic. Beyond the use to measure and communicate an individual privacy risk, we envision uses of these privacy risk metrics for at least five more purposes: to quantify the effect of privacy controls, to compare the effects of different controls, to analyze trends in privacy risk over time, to compute a system's aggregate privacy risk from its components, and to rank privacy risks.Contributions. In this paper, we investigate how to quantify privacy risk systematically with the aim of moving privacy risk assessment from being an art closer to being a science. We focus on data driven privacy (i.e. the impact of data decisions, possibly outside the data sphere) because this is the scope of the GDPR, currently the strongest driver of PIAs. In line with the common decomposition of risk into impact and likelihood, we discuss quantification of impact and likelihood separately and suggest possible metrics for each (Sections 4 and 5). We then discuss how metrics for impact and likelihood can be combined to form privacy risk metrics that can be used directly in privacy impact assessments and privacy requirements engineering (Section 6). We illustrate an initial approach to measuring and representing privacy risk in a case study with two typical known privacy risks (Section...

show abstract

The Price of Free: Privacy Leakage in Personalized Mobile In-App Ads

Cited by 58 publications

References 17 publications

Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem

Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem

CrowdLED: Towards Crowd-Empowered and Privacy-Preserving Data Sharing Using Smart Contracts

Privacy Risk Assessment: From Art to Science, by Metrics

Contact Info

Product

Resources

About