How mobile advertising to reveal user information? -Mobile advertising, privacy, smart phones-IT news

Ad networks can push personalized advertising within the mobile application, the possible disclosure of sensitive personal information of mobile app users to mobile application developers. Millions of smartphone users personal information is at stake due to the mobile application advertising presence. Georgia Institute of technology, Department of computer science, a new study finds that these ads will ad networks and mobile application developers from disclosing potentially sensitive information about users.

Results of network and distributed system security Symposium, held on February 23, 2016 (NDSS′16) published on. The authors of the study are Wei Meng, Ren Ding, and Simon Chung as well as Steven Han, their mentor was Professor Wenke Lee.

The study surveyed more than 200 participants in the Android smart phone customized applications. According to United States comScore released in April 2015, according to a report of the company, Android smart phones accounting for United States 52% of the smart phone market. Georgia Tech (Georgia Institute of Technology), the researchers first tested the accuracy of personalized advertising. These personalized ads have been used to test Google′s online ad networks (Google AdNetwork) through the featured topics of personal interest and demographic data. Next, researchers investigating mobile phone application developers how to mine user information through these personalized advertising.

Researchers found that the 92% user 73% received by the ads and exactly matches their demographic data. The researchers also found that the ads based on these, mobile application developers can get the user′s information:

? Gender accuracy 75%;

? Fertility, 66% accuracy;

? Age, accuracy of 54%;

▲ Can predict income, political affiliation, marital status, its accuracy rate higher than random guessing.

Some personal information is very sensitive, so much so that Google made it clear that these factors will not be used for personalized push. But the study found that due to leaks between online advertising and application developers who can mine this information.

"Free smart-phone applications is not really free," first author, computer science graduate student Wei Meng said that "application especially malicious applications through the placement of ads and to observe the way users receive advertising, can be used to collect potentially sensitive information. Planting advertising within the mobile personalization application is definitely a new privacy threat. ”

Working principle

? Mobile application developers selected ads in the application.

? Online advertising, paid advertising rights to application developers, application and monitoring user activity--collected lists, equipment type, geographic location and other information. Combination of these information objects can help advertisers choose ads.

? According to topic (such as "cars"), interest in positioning (such as user usage patterns, and historical traffic) as well as audience feature location (such as the expected age), advertisers are indicating their ads advertising network.

▲ Advertise advertising network to the appropriate mobile applications the user, if advertising successfully browse or click on ads, advertisers will pay for costs associated with ad networks.

▲ Application advertising as a graft put in part of a graphical user interface and is not encrypted. Mobile application developers can get targeted ads to its users, then reverse to use these data to construct a customer′s personal information.

Advertise on mobile applications with different ads on the Web page. Web page, due to the same-origin policy (Same Origin Policy) protected Web site publishers and other third parties cannot get to personalize advertising content. But in mobile applications, personalize advertising content does not shield the mobile application developers.

According to the Pew Internet (Pew Internet) released "United States popular smartphone" (U.S. Smartphone Use in 2015), groups that rely on Smartphones account for United States 7% of the population, most of them are low-income people, no traditional broadband network in their home, there is no other means of Internet access. For these people, their personal information to take on more risk.

"People now use their smart phones to date online, using online banking and using social networks," a Professor of computer science, Georgia Institute of technology, Institute of information security and privacy officer, Wenke Lee said, "for the equipment of the user, the phone is very personal, so protecting your personal information from malicious persons get becomes more important than ever. ”

手机广告如何泄露用户信息？ - 手机广告,个人隐私,智能电话 - IT资讯

广告网络可以在移动应用程序内部推送个性化的广告，这有可能把手机程序用户敏感的个人信息泄露给移动应用的开发者。数百万智能手机用户的个人信息由于手机应用中植入广告的存在而岌岌可危。佐治亚理工学院计算机科学系的一项新研究发现，这些广告会在广告网络和手机应用开发者之间泄露用户的潜在敏感信息。

研究结果已在2016年2月23日召开的网络和分布式系统安全研讨会（NDSS‘16）上公布。这项研究的作者是Wei Meng、Ren Ding、Simon Chung以及Steven Han，他们的导师是Wenke Lee教授。

该研究调查了超过200名使用安卓智能手机定制应用程序的参与者。根据美国comScore公司在2015年4月发布的一项报告，安卓智能手机占美国智能手机市场的52%。佐治亚理工学院（Georgia Institute of Technology）的研究者首先检验了个性化广告的准确性。这些个性化广告被用来测试谷歌在线广告联盟（Google AdNetwork）通过个人兴趣和人口统计数据得出的推荐主题。接下来，研究人员着手调查手机应用开发者如何通过这些个性化广告来挖掘用户信息。

研究人员发现，92%的用户接收到的73%的广告投放和他们的人口统计数据完全相符。研究人员还发现，根据这些投放的广告，手机应用开发商可以获取用户的以下信息：

▲性别，准确率75%；

▲生育状况，准确率66%；

▲年龄段，准确率54%；

▲还可以预测收入、政治倾向、婚姻状况，其准确率高于随机猜测。

一些个人信息非常敏感，以至于谷歌明确表示这些因素不会被用于个性化推送。但是这项研究发现，由于在线广告联盟和应用开发商之间的泄密，后者依然可以挖掘这些信息。

“免费的智能手机应用并不是真的免费，”第一作者，计算机科学方向的研究生Wei Meng表示，“应用，尤其是恶意应用通过安插广告并观察用户接收到的广告的方式，可被用于收集潜在的敏感信息。手机个性化应用内植广告绝对是一种新的隐私威胁。”

工作原理

▲手机应用开放商选择在应用内植入广告。

▲在线广告联盟向应用开发商付费以取得广告投放权，并且监视用户活动——收集应用列表、设备型号、地理位置等信息。这些信息综合起来能够帮助广告商选择广告投放的对象。

▲根据主题定位（如“汽车”）、兴趣定位（如用户使用模式以及历史点击量）以及受众特征定位（如预期年龄段），广告商指示广告网络投放它们的广告。

▲广告网络向合适的手机应用用户投放广告，如果广告受众成功浏览或者点击广告，广告商就会向支付广告网络相关费用。

▲应用内植广告是作为图形用户界面的一部分而未加密投放的。因此手机应用开发商可以获取向其用户投放的定向广告内容，然后反向利用这些数据来构造出客户的个人信息。

在手机应用上投放广告与在网站页面上投放广告不同。在网站页面上，由于受同源策略（Same Origin Policy）保护，网站发布者和其他第三方无法获取个性化广告内容。但是在手机应用上，个性化广告内容并不屏蔽手机应用开发商。

根据皮尤互联网（Pew Internet）发布的“美国民众智能手机使用报告”(U.S. Smartphone Use in 2015)，依赖智能手机的群体占美国人口的7%，大部分是低收入人群，他们家中没有传统的宽带网，也没有其他上网手段。对于这些人群来说，他们的个人信息承担着更大的风险。

“人们现在每天使用智能手机来网上约会、使用网上银行和使用社交网络，”计算机教授，佐治亚理工学院信息安全和隐私研究所主任Wenke Lee表示，“对于用户来说手机是很私密的设备，因此保护个人信息不被恶意人士获取变得比以往更加重要。”