Suranga Seneviratne
ABSTRACT
Smartphone usage is tightly coupled with the use of apps that can be either free or paid. Numerous studies have investigated the tracking libraries associated with free apps. Only a limited number of these have focused on paid apps. As expected, these investigations indicate that tracking is happening to a lesser extent in paid apps, yet there is no conclusive evidence. This paper provides the first large-scale study of paid apps. We analyse top paid apps obtained from four different countries: Australia, Brazil, Germany, and US, and quantify the level of tracking taking place in paid apps in comparison to free apps. Our analysis shows that 60% of the paid apps are connected to trackers that collect personal information compared to 85%--95% in free apps. We further show that approximately 20% of the paid apps are connected to more than three trackers. With tracking being pervasive in both free and paid apps, we then quantify the aggregated privacy leakages associated with individual users. Using the data of user installed apps of over 300 smartphone users, we show that 50% of the users are exposed to more than 25 trackers which can result in significant leakages of privacy.
- Tracker list. http://www.privmetrics.org/publications.Google Scholar
- squid-cache.org - Optimising Web Delivery. http://www.squid-cache.org, 2015.Google Scholar
- J. P. Achara, M. Cunche, V. Roca, and A. Francillon. WifiLeaks: Underestimated Privacy Implications of the ACCESS_WIFI_STATE Android Permission. In Proc. of the 7th ACM WiSec, 2014. Google ScholarDigital Library
- P. Ahlbrecht. Raccoon - Google Play desktop client. http://www.onyxbits.de/raccoon, 2015.Google Scholar
- S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In Proc. of the 35th ACM SIGPLAN. ACM, 2014. Google ScholarDigital Library
- D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to Android. In Proc. of the 17th ACM CCS. ACM, 2010. Google ScholarDigital Library
- C. Bonnington. More iOS apps are free than ever before. http://www.wired.com/2013/07/more-free-ios-apps/, 2013.Google Scholar
- P. H. Chia, Y. Yamamoto, and N. Asokan. Is this app safe?: A large scale study on application permissions and risk signals. In Proc. of the 21st WWW. ACM, 2012. Google ScholarDigital Library
- D. E. Dilger. Apple adds new "Limit Ad Tracking" feature to iOS 6. http://appleinsider.com/articles, 2012.Google Scholar
- W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5, 2014. Google ScholarDigital Library
- A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proc. of the 18th ACM CCS. ACM, 2011. Google ScholarDigital Library
- M. C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi. Unsafe exposure analysis of mobile in-app advertisements. In Proc. of the 5th ACM WiSec. ACM, 2012. Google ScholarDigital Library
- A. Gulyani. Extensive list of mobile ad network companies. http://gulyani.com/complete-list-of-mobile-ad-networks-companies/, 2014.Google Scholar
- I. Leontiadis, C. Efstratiou, M. Picone, and C. Mascolo. Don't kill my ads!: Balancing privacy in an ad-supported mobile application market. In Proc. of the 12th Workshop on Mobile Computing Systems & Applications. ACM, 2012. Google ScholarDigital Library
- Amazon Inc. Amazon EC2. http://aws.amazon.com/ec2/, 2015.Google Scholar
- Amazon Inc. Amazon Mechanical Turk. https://www.mturk.com/, 2015.Google Scholar
- Appbrain Inc. Distribution of free vs. paid Android apps. http://www.appbrain.com/stats/, 2014.Google Scholar
- Appbrain Inc. Android library statistics. http://www.appbrain.com/stats/libraries, 2015.Google Scholar
- Google Inc. Advertising ID. https://developer.android.com, 2014.Google Scholar
- Google Inc. Google Play developer program policies. https://play.google.com/about/developer-content-policy.html, 2014.Google Scholar
- Joe Security LCC. Joe Sandbox Mobile. http://www.joesecurity.org/joe-sandbox-mobile, 2015.Google Scholar
- S. Oliver. MAC address randomization joins Apple's heap of iOS 8 privacy improvements. http://appleinsider.com/articles, 2014.Google Scholar
- C. Reynolds. A list of mobile advertising networks. http://www.mobyaffiliates.com/blog/a-list-of-mobile-advertising-networks/, 2013.Google Scholar
- S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti. Predicting user traits from a snapshot of apps installed on a smartphone. ACM SIGMOBILE Mobile Computing and Communications Review, 18(2):1--8, 2014. Google ScholarDigital Library
- S. Seneviratne, A. Seneviratne, P. Mohapatra, and A. Mahanti. Your installed apps reveal your gender and more! ACM SIGMOBILE Mobile Computing and Communications Review, 18(3):55--61, 2015. Google ScholarDigital Library
- S. Shekhar, M. Dietz, and D. S. Wallach. Adsplit: separating smartphone advertising from applications. In Proc. of the 21st USENIX, 2012. Google ScholarDigital Library
- N. Vallina-Rodriguez, J. Shah, A. Finamore, Y. Grunenberger, K. Papagiannaki, H. Haddadi, and J. Crowcroft. Breaking for commercials: Characterizing mobile advertising. In Proc. of the 2012 IMC. ACM, 2012. Google ScholarDigital Library
- N. Viennot, E. Garcia, and J. Nieh. A measurement study of Google Play. In Proc. of the SIGMETRICS. ACM, 2014.Google ScholarDigital Library
- X. Wei, L. Gomez, I. Neamtiu, and M. Faloutsos. Profiledroid: Multi-layer profiling of android applications. In Proc. of the 18th Mobicom. ACM, 2012. Google ScholarDigital Library
- L. Weichselbaum, M. Neugschwandtner, M. Lindorfer, Y. Fratantonio, V. van der Veen, and C. Platzer. Andrubis: Android malware under the magnifying glass. Vienna University of Technology, Tech. Rep. TRISECLAB-0414-001, 2014.Google Scholar
- L. Zhang, D. Gupta, and P. Mohapatra. How expensive are free smartphone apps? ACM SIGMOBILE Mobile Computing and Communications Review, 16(3):21--32, 2012. Google ScholarDigital Library
Index Terms
- A measurement study of tracking in paid mobile applications
Recommendations
Comprehension of ads-supported and paid Android applications: are they different?
ICPC '17: Proceedings of the 25th International Conference on Program ComprehensionThe Android market is a place where developers offer paid and-or free apps to users. Free apps can follow the freemium or the ads-business model. While the former offers less features and the user is charged for unlocking additional features, the latter ...
A Measurement-based Study on Application Popularity in Android and iOS App Stores
Mobidata '15: Proceedings of the 2015 Workshop on Mobile Big DataMobile application stores (appstores) are emerging digital distribution platforms with explosive growth. Although there have been some observations on the mobile application (app) popularity in Android appstores, there is no report on the app popularity ...
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide WebWith the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Comments