{
	"id": "59bd1f39-b62a-4f73-8425-854c8307afc2",
	"created_at": "2026-04-06T00:16:56.146121Z",
	"updated_at": "2026-04-10T03:21:08.364487Z",
	"deleted_at": null,
	"sha1_hash": "dfbcd38e10353596adef2415967c022d7cfd3d2a",
	"title": "Unsafe exposure analysis of mobile in-app advertisements | Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35700,
	"plain_text": "Unsafe exposure analysis of mobile in-app advertisements |\r\nProceedings of the fifth ACM conference on Security and Privacy\r\nin Wireless and Mobile Networks\r\nBy Michael C. GraceNorth Carolina State University, Raleigh, NC, USAView Profile\r\nArchived: 2026-04-05 15:58:31 UTC\r\nAbstract\r\nIn recent years, there has been explosive growth in smartphone sales, which is accompanied with the availability\r\nof a huge number of smartphone applications (or simply apps). End users or consumers are attracted by the many\r\ninteresting features offered by these devices and the associated apps. The developers of these apps are also\r\nbenefited by the prospect of financial compensation, either by selling their apps directly or by embedding one of\r\nthe many ad libraries available on smartphone platforms. In this paper, we focus on potential privacy and security\r\nrisks posed by these embedded or in-app advertisement libraries (henceforth \"ad libraries,\" for brevity). To this\r\nend, we study the popular Android platform and collect 100,000 apps from the official Android Market in March-May, 2011. Among these apps, we identify 100 representative in-app ad libraries (embedded in 52.1% of them)\r\nand further develop a system called AdRisk to systematically identify potential risks. In particular, we first\r\ndecouple the embedded ad libraries from host apps and then apply our system to statically examine the ad\r\nlibraries, ranging from whether they will upload privacy-sensitive information to remote (ad) servers or whether\r\nthey will download untrusted code from remote servers. Our results show that most existing ad libraries collect\r\nprivate information: some of them may be used for legitimate targeting purposes (i.e., the user's location) while\r\nothers are hard to justify by invasively collecting the information such as the user's call logs, phone number,\r\nbrowser bookmarks, or even the list of installed apps on the phone. Moreover, additional ones go a step further by\r\nmaking use of an unsafe mechanism to directly fetch and run code from the Internet, which immediately leads to\r\nserious security risks. Our investigation indicates the symbiotic relationship between embedded ad libraries and\r\nhost apps is one main reason behind these exposed risks. These results clearly show the need for better regulating\r\nthe way ad libraries are integrated in Android apps.\r\nFormats available\r\nYou can view the full content in the following formats:\r\nReferences\r\n[1]\r\nAndroid Permission Protection Levels.\r\nhttp://developer.android.com/reference/android/R.styleable.html#Android/ManifestPermission_protectionLevel.\r\n[2]\r\nhttps://dl.acm.org/doi/10.1145/2185448.2185464\r\nPage 1 of 2\n\nAndroid Security and Permissions. http://developer.android.com/guide/topics/security/security.html.\r\n[3]\r\nBaksmali: A Disassembler for Android's Dex Format. http://code.google.com/p/smali/.\r\n[4]\r\nDalvik. http://sites.google.com/site/io/dalvik-vm-internals/.\r\nSource: https://dl.acm.org/doi/10.1145/2185448.2185464\r\nhttps://dl.acm.org/doi/10.1145/2185448.2185464\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://dl.acm.org/doi/10.1145/2185448.2185464"
	],
	"report_names": [
		"2185448.2185464"
	],
	"threat_actors": [],
	"ts_created_at": 1775434616,
	"ts_updated_at": 1775791268,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dfbcd38e10353596adef2415967c022d7cfd3d2a.pdf",
		"text": "https://archive.orkl.eu/dfbcd38e10353596adef2415967c022d7cfd3d2a.txt",
		"img": "https://archive.orkl.eu/dfbcd38e10353596adef2415967c022d7cfd3d2a.jpg"
	}
}