TY - GEN
T1 - Alde
T2 - 12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016
AU - Liu, Xing
AU - Zhu, Sencun
AU - Wang, Wei
AU - Liu, Jiqiang
N1 - Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017.
PY - 2017
Y1 - 2017
N2 - While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.
AB - While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.
UR - http://www.scopus.com/inward/record.url?scp=85019903808&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85019903808&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-59608-2_36
DO - 10.1007/978-3-319-59608-2_36
M3 - Conference contribution
AN - SCOPUS:85019903808
SN - 9783319596075
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 655
EP - 672
BT - Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings
A2 - Deng, Robert
A2 - Yegneswaran, Vinod
A2 - Weng, Jian
A2 - Ren, Kui
PB - Springer Verlag
Y2 - 10 October 2016 through 12 October 2016
ER -