Analysis of Android in-app advertisement kits

Karine de Pontevès Fortinet
Axelle Apvrille Fortinet

  download slides (PDF)

Android captured 70% of smartphone shipments in the December quarter of 2012. With this explosion, Android has become the world's biggest magnet for smartphone applications - and mobile malware.

Individuals and organizations who develop legitimate applications benefit financially either by selling them, or by embedding advertisement kits. Building free, ad-supported apps helps developers side-step the hassle of the Google Checkout flow, hence becoming the most popular form of monetization.

In this paper, we focus on the security risks and inefficiencies posed by ad-kits. And more particularly those embedded into malware. To this end, we study the Android platform, and 90,000 malware samples. We identify 10 representative ad-kits. We further develop a system called 'Droidlysis' to examine potential risks, ranging from uploading sensitive information to remote servers, to downloading and executing untrusted code. We analyse ad traffic and identify sensitive data transmitted over the air.

Our results show that most ad-kits not only collect private information, but probe for data and permissions beyond the ones listed in their documentation. We discover how users can be tracked by an ad provider across applications, and by a network sniffer across ad providers. Finally, we discuss the financial implications for developers and ad providers.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.