Alde: Privacy risk analysis of analytics libraries in the android ecosystem

Xing Liu, Sencun Zhu, Wei Wang, Jiqiang Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

11 Scopus citations

Abstract

While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings
EditorsRobert Deng, Vinod Yegneswaran, Jian Weng, Kui Ren
PublisherSpringer Verlag
Pages655-672
Number of pages18
ISBN (Print)9783319596075
DOIs
StatePublished - 2017
Event12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016 - Guangzhou, China
Duration: Oct 10 2016Oct 12 2016

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume198 LNICST
ISSN (Print)1867-8211

Other

Other12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016
Country/TerritoryChina
CityGuangzhou
Period10/10/1610/12/16

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Alde: Privacy risk analysis of analytics libraries in the android ecosystem'. Together they form a unique fingerprint.

Cite this