Security and Privacy in Mobile Advertising Hao Chen University of California, Davis Ads are the Financial Pillar of Mobile Computing Most mobile software is free. • Android • Most apps Where does revenue come? • In-app purchase • Ads Mobile Ads Ecosystem Parties • • • • Users App developers Ad providers Advertisers Security Problems ˆ • App developers: ad revenue diversion due to cloning • Ad providers / advertisers: ad fraud Anatomy of Mobile Ad Traffic Ad Revenue Diversion Cloning harms app ecosystem • Developers: lose revenue and incentives to make apps • Markets: polluted search results • Users: difficult to find high quality apps AdRob Goals Characterize cloned apps • Market • App category • Ad provider Quantify impact on developers • Loss of ad revenue • Loss of user base Dataset: 265,000 apps from 17 markets Cloning between Markets Found • >5,000 clusters of clones • >44,000 unique apps Cloning on Each Market Determine Impact • Naive question How many times has an app been cloned? • Better question How many people use a cloned app instead of the original? How to Determine Impact • Count the users running each app. • Determine the ownership of each app. • Classify original vs. plagiarized apps. Count Users Running Each App Potential vantage points • On the device • On the app server • On the network Count Users Running Each app Combine traffic analysis with static analysis On the network • Capture ad traffic • Extract client IDs In the lab, for each app • Extract client ID • Determine whether it is original or clone AdRob Traffic Analysis • Collaborated with a major US cellular provider. • Captured 2.6 billion packets in 12 days. • Removed all user-identifying information. Loss of Revenue and User Base Web Ad Fraud Programs that automatically “view” ads and “click” them Mobile Ad Fraud Apps that automatically “view” ads and “click” them MAdFraud Goals • Design system for automatically detecting ad traffic • Use system to detect fraud and other undesirable ad behavior