Alde: Privacy risk analysis of analytics libraries in the android ecosystem

Xing Liu, Sencun Zhu, Wei Wang, Jiqiang Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings
EditorsRobert Deng, Vinod Yegneswaran, Jian Weng, Kui Ren
PublisherSpringer Verlag
Pages655-672
Number of pages18
ISBN (Print)9783319596075
DOIs
StatePublished - Jan 1 2017
Event12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016 - Guangzhou, China
Duration: Oct 10 2016Oct 12 2016

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume198 LNICST
ISSN (Print)1867-8211

Other

Other12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016
CountryChina
CityGuangzhou
Period10/10/1610/12/16

Fingerprint

Risk analysis
Application programs
Ecosystems
Marketing
Static analysis
Dynamic analysis

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Cite this

Liu, X., Zhu, S., Wang, W., & Liu, J. (2017). Alde: Privacy risk analysis of analytics libraries in the android ecosystem. In R. Deng, V. Yegneswaran, J. Weng, & K. Ren (Eds.), Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings (pp. 655-672). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 198 LNICST). Springer Verlag. https://doi.org/10.1007/978-3-319-59608-2_36
Liu, Xing ; Zhu, Sencun ; Wang, Wei ; Liu, Jiqiang. / Alde : Privacy risk analysis of analytics libraries in the android ecosystem. Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. editor / Robert Deng ; Vinod Yegneswaran ; Jian Weng ; Kui Ren. Springer Verlag, 2017. pp. 655-672 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).
@inproceedings{dee600c360bd4271be970144919d9c83,
title = "Alde: Privacy risk analysis of analytics libraries in the android ecosystem",
abstract = "While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.",
author = "Xing Liu and Sencun Zhu and Wei Wang and Jiqiang Liu",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-59608-2_36",
language = "English (US)",
isbn = "9783319596075",
series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",
publisher = "Springer Verlag",
pages = "655--672",
editor = "Robert Deng and Vinod Yegneswaran and Jian Weng and Kui Ren",
booktitle = "Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings",
address = "Germany",

}

Liu, X, Zhu, S, Wang, W & Liu, J 2017, Alde: Privacy risk analysis of analytics libraries in the android ecosystem. in R Deng, V Yegneswaran, J Weng & K Ren (eds), Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 198 LNICST, Springer Verlag, pp. 655-672, 12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016, Guangzhou, China, 10/10/16. https://doi.org/10.1007/978-3-319-59608-2_36

Alde : Privacy risk analysis of analytics libraries in the android ecosystem. / Liu, Xing; Zhu, Sencun; Wang, Wei; Liu, Jiqiang.

Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. ed. / Robert Deng; Vinod Yegneswaran; Jian Weng; Kui Ren. Springer Verlag, 2017. p. 655-672 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 198 LNICST).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Alde

T2 - Privacy risk analysis of analytics libraries in the android ecosystem

AU - Liu, Xing

AU - Zhu, Sencun

AU - Wang, Wei

AU - Liu, Jiqiang

PY - 2017/1/1

Y1 - 2017/1/1

N2 - While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.

AB - While much effort has been made to detect and measure the privacy leakage caused by the advertising (ad) libraries integrated in mobile applications (i.e., apps), analytics libraries, which are also widely used in mobile apps have not been systematically studied for their privacy risks. Different from ad libraries, the main function of analytics libraries is to collect users’ in-app actions. Hence, by design, analytics libraries are more likely to leak users’ private information. In this work, we study what information is collected by the analytics libraries integrated in popular Android apps. We design and implement a tool called “Alde”. Given an app, Alde employs both static analysis and dynamic analysis to detect the data collected by analytics libraries. We also study what private information can be leaked by the apps that use the same analytics library. Moreover, we analyze apps’ privacy policies to see whether app developers have notified the users that their in-app action information is collected by analytics libraries. Finally, we select 8 widely used analytics libraries to study and apply our method on 300 apps downloaded from both Chinese app markets and Google play. Our experimental results request the emerging need for better regulating the use of analytics libraries in Android apps.

UR - http://www.scopus.com/inward/record.url?scp=85019903808&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85019903808&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-59608-2_36

DO - 10.1007/978-3-319-59608-2_36

M3 - Conference contribution

AN - SCOPUS:85019903808

SN - 9783319596075

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 655

EP - 672

BT - Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings

A2 - Deng, Robert

A2 - Yegneswaran, Vinod

A2 - Weng, Jian

A2 - Ren, Kui

PB - Springer Verlag

ER -

Liu X, Zhu S, Wang W, Liu J. Alde: Privacy risk analysis of analytics libraries in the android ecosystem. In Deng R, Yegneswaran V, Weng J, Ren K, editors, Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. Springer Verlag. 2017. p. 655-672. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). https://doi.org/10.1007/978-3-319-59608-2_36