286 Analysis of Android in-app advertisement kits
Analysis of Android in-app advertisement kits
286 Analysis of Android in-app advertisement kits

Analysis of Android in-app advertisement kits

 |  ❤ 507  |  ☻ 0 Категория: Новости



This presentation by Karine de Pontevès and Axelle Apvrille (Fortinet) was presented at VB2013 in Berlin, Germany. https://www.virusbtn.com/conference/vb2013/abstracts/PontevesApvrille.xml

Note: we apologise for the poor quality of the video. You can view the original slides here: https://www.virusbtn.com/pdf/conference_slides/2013/dePontevesApvrille-VB2013.pdf

Android captured 70% of smartphone shipments in the December quarter of 2012. With this explosion, Android has become the world’s biggest magnet for smartphone applications – and mobile malware.

Individuals and organizations who develop legitimate applications benefit financially either by selling them, or by embedding advertisement kits. Building free, ad-supported apps helps developers side-step the hassle of the Google Checkout flow, hence becoming the most popular form of monetization.

In this paper, we focus on the security risks and inefficiencies posed by ad-kits. And more particularly those embedded into malware. To this end, we study the Android platform, and 90,000 malware samples. We identify 10 representative ad-kits. We further develop a system called ‘Droidlysis’ to examine potential risks, ranging from uploading sensitive information to remote servers, to downloading and executing untrusted code. We analyse ad traffic and identify sensitive data transmitted over the air.

Our results show that most ad-kits not only collect private information, but probe for data and permissions beyond the ones listed in their documentation. We discover how users can be tracked by an ad provider across applications, and by a network sniffer across ad providers. Finally, we discuss the financial implications for developers and ad providers.

Источник

Читайте также:  #видео дня | Каким видят будущее Hyperloop его создатели
Теги:

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *

четыре × два =

наверх