AdSplit: Separating smartphone advertising from applications

Proceedings of the 21st USENIX Security Symposium

Volumn , Issue , 2012, Pages 553-567

  Shekhar, Shashi ^a   Dietz, Michael ^a   Wallach, Dan S ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

LIBRARIES; SEPARATION; SMARTPHONES;

NATIVE CODE; RUNTIME OVERHEADS; SMART-PHONE APPLICATIONS; SYSTEM RESOURCES; THIRD PARTIES;

MARKETING;

EID: 84954474056     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (56)

1. ADsafe. ADsafe, Feb. 2012. http://www.adsafe.org.
2. Android. Processes and Threads | Android Developers, Nov. 2011. http://developer.android.com/guide/topics/fundamentals/processes-and-threads.html.
3. Android Open Source Project. dex - Dalvik Executable Format, Nov. 2007. http://source.android.com/tech/dalvik/dex-format.html.
4. A. Barth, A. P. Felt, P. Saxena, and A. Boodman. Protecting browsers from extension vulnerabilities. In 17th Network and Distributed System Security Symposium (NDSS’10), San Diego, CA, Feb. 2010.
5. A. Barth, C. Jackson, and J. C. Mitchell. Robust defenses for cross-site request forgery. In 15th ACM Conference on Computer and Communications Security (CCS’08), Alexandria, VA, Oct. 2008.
6. A. Barth, C. Jackson, and J. C. Mitchell. Securing frame communication in browsers. In 17th USENIX Security Symposium, San Jose, CA, July 2008.
7. D. F. C. Brewer and M. J. Nash. The Chinese wall security policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 206–214, Oakland, CA, May 1989.
8. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.R. Sadeghi. XManDroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universität Darmstadt, Apr. 2011. http://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/xmandroid.pdf.
9. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry. Towards taming privilege-escalation attacks on Android. In 19th Network and Distributed System Security Symposium (NDSS’12), San Diego, CA, Feb. 2012.
10. T. Cheshire. In depth: How Rovio made Angry Birds a winner (and what’s next). Wired, Mar. 2011. http://www.wired.co.uk/magazine/archive/2011/04/features/how-rovio-made-angry-birds-a-winner.
11. M. Conti, V. T. N. Nguyen, and B. Crispo. CRePE: Context-related policy enforcement for Android. In 13th Information Security Conference (ISC’10), Boca Raton, FL, Oct. 2010.
12. L. Desmet, W. Joosen, F. Massacci, P. Philippaerts, F. Piessens, I. Siahaan, and D. Vanoverberghe. Security-by-contract on the .NET platform. Information Security Technical Report, 13(1):25–32, 2008.
13. M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach. Quire: Lightweight provenance for smart phone operating systems. In 20th USENIX Security Symposium, San Francisco, CA, Aug. 2011.
14. eLinux.org. Android Memory Usage, Feb. 2012. http://elinux.org/Android_Memory_Usage.
15. W. Enck, P. Gilbert, C. Byung-gon, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10), pages 393–408, Vancouver, B.C., Oct. 2010.
16. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In 16th ACM Conference on Computer and Communications Security (CCS’09), Chicago, IL, Nov. 2009.
17. Federal Trade Commission. Mobile Privacy for Kids: Current Privacy Disclosures are Disappointing, Feb. 2012. http://ftc.gov/os/2012/02/120216mobile_apps_kids. pdf.
18. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android Permissions Demystified. In 18th ACM Conference on Computer and Communications Security (CCS’11), Chicago, IL, 2011.
19. A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’11), Chicago, IL, Oct. 2011.
20. A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In 20th USENIX Security Symposium, San Fansisco, CA, Aug. 2011.
21. Google. View: Android developer reference, Feb. 2011. http://developer.android.com/reference/android/view/View.html#Security.
22. Google Inc. Google AdMob Ads Android Fundamentals, Nov. 2011. http://code.google.com/mobile/ads/docs/android/fundamentals.html.
23. Google Project Hosting. android-apktool - A tool for reengineering Android apk files, Feb. 2012. http://code.google.com/p/android-apktool.
24. M. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi. Unsafe exposure analysis of mobile in-app advertisements. In 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’12), Tucson, AZ, Apr. 2012.
25. GreyStripe Inc. Android - SDK Integration Overview, Nov. 2011. http://wiki.greystripe.com/index.php/Android#AndroidManifest.xml.
26. C. Grier, S. Tang, and S. T. King. Secure web browsing with the OP web browser. In 2008 IEEE Symposium on Security and Privacy, Oakland, CA, May 2008.
27. S. Guha, B. Cheng, and P. Francis. Privad: Practical privacy in online advertising. In 8th Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, Mar. 2011.
28. J. Howell, C. Jackson, H. J. Wang, and X. Fan. MashupOS: Operating system abstractions for client mashups. In 11th USENIX Workshop on Hot Topics in Operating Systems (HotOS’07), pages 1–7, 2007.
29. InMobi. InMobi Android SDK - Version a300, Nov. 2011. http://developer.inmobi.com/wiki/index.php?title=Android.
30. A. Juels. Targeted advertising ... and privacy too. In 2001 Conference on Topics in Cryptology: The Cryptographer’s Track at RSA (CT-RSA 2001), San Francisco, CA, Apr. 2001.
31. A. Juels, S. Stamm, and M. Jakobsson. Combating click fraud via premium clicks. In 16th USENIX Security Symposium, Boston, MA, 2007.
32. Jumptap. Jumptap Android SDK Integration, Nov. 2011. https://support.jumptap.com/index.php/Jumptap_ Android_SDK_Integration.
33. I. Leontiadis, C. Efstratiou, M. Picone, and C. Mascolo. Don’t kill my ads! Balancing privacy in an ad-supported mobile application market. In 12th Workshop on Mobile Computing Systems & Applications (HotMobile’12), San Diego, CA, Feb. 2012.
34. L. Liu, X. Zhang, G. Yan, and S. Chen. Chrome extensions: Threat analysis and countermeasures. In 19th Network and Distributed System Security Symposium (NDSS’12), San Diego, CA, Feb. 2012.
35. L. McGann. How Ars Technica’s “experiment” with ad-blocking readers built on its community’s affection for the site. Nieman Journalism Lab, Mar. 2010. http://www.niemanlab.org/2010/03/how-arstechnica-made-the-ask-of-ad-blocking-readers/.
36. Millenial Media. Millennial Media Android SDK - Version 4.5.0, Nov. 2011. http://wiki.millennialmedia.com/index.php/Android.
37. M. S. Miller, M. Samuel, B. Laurie, I. Awad, and M. Stay. Caja: Safe active content in sanitized JavaScript. Google, Dec. 2007. http://google-caja.googlecode.com/files/caja2007.pdf.
38. Mobclix. Mobclix SDK Integration Guide Version 3.1.0, Nov. 2011. https://developer.mobclix.com/help/advertising/sdk_api/android.
39. Mozilla Foundation. How Many Firefox Users Have Add-Ons Installed? 85%!, June 2011. http://blog.mozilla.com/addons/2011/06/21/firefox-4-add-on-users/.
40. MSDN. About Cross-Frame Scripting and Security., Oct. 2011. http://msdn.microsoft.com/en-us/library/ms533028(v=vs.85).aspx.
41. M. Nauman, S. Khan, and X. Zhang. Apex: extending Android permission model and enforcement with user-defined runtime constraints. In 5th ACM Symposium on Information, Computer and Communications Security(ASIACCS’10), pages 328–332, Beijing, China, Apr. 2010.
42. M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In 25th Annual Computer Security Applications Conference (ACSAC’09), Honolulu, HI, Dec. 2009.
43. M. Panzarino. Google: About 190 Million Android Devices Activated Worldwide. That’s About 576900 A Day Since May. The Next Web, Oct. 2011. http://thenextweb.com/google/2011/10/13/google-190million-android-devices-activated-worldwide-thats-about-576900-a-day-since-may/.
44. A. Pathak, Y. C. Hu, and M. Zhang. Where is the energy spent inside my app? Fine grained energy accounting on smartphones with eprof. In 7th ACM European Conference on Computer Systems (EuroSys’12), Bern, Switzerland, Apr. 2012.
45. P. Pearce, A. P. Felt, and D. Wagner. AdDroid: Privilege separation for applications and advertisers in Android. In 7th ACM Symposium on Information, Computer and Communications Security (AsiaCCS’12), Seoul, Korea, May 2012.
46. G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: Zero-day protection for smartphones using the cloud. In Annual Computer Security Applications Conference (ACSAC’10), Austin, TX, Dec. 2010.
47. N. Provos, P. Mavrommatis, M. A. Rajab, and F. Mon-rose. All your iFRAMEs point to us. In 17th USENIX Security Symposium, San Jose, CA, July 2008.
48. C. Reis and S. D. Gribble. Isolating web programs in modern browser architectures. In 4th ACM European Conference on Computer systems (EuroSys’09), Nuremberg, Germany, Apr. 2009.
49. F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, and C. Cowan. User-Driven Access Control: Rethinking permission granting in modern operating systems. In 2012 IEEE Symposium on Security and Privacy, Berkeley, CA, May 2012.
50. G. Rydstedt, E. Bursztein, and D. Boneh. Framing attacks on smart phones and dumb routers: Tap-jacking and geolocalization. In USENIX Workshop on Offensive Technologies (wOOt’10), Washington, DC, Aug. 2010.
51. G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In IEEE Oakland Web 2.0 Security and Privacy (W2SP’10), Oakland, CA, May 2010.
52. S. Smalley. The case for SE Android. In Linux Security Summit 2011, Santa Rosa, CA, Sept. 2011. http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf.
53. Tapjoy. Getting Started with Publisher SDK, Nov. 2011. http://knowledge.tapjoy.com/integration-8-x/android/publisher/getting-started-with-offers-sdk.
54. H. J. Wang, C. Grier, A. Moshchuk, S. T. King, P. Choudhury, and H. Venter. The multi-principal OS construction of the Gazelle web browser. In 18th USENIX Security Symposium, Montreal, Canada, Aug. 2009.
55. World Wide Web Consortium (W3C). Frames in HTML Documents, Nov. 2011. http://www.w3.org/TR/REC-html40/present/frames.html#h-16.5.
56. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In 19th Network and Distributed System Security Symposium (NDSS’12), San Diego, CA, Feb. 2012.