Analysis of Android In-app Advertisement Kits

This paper was presented at the Virus Bulletin conference, October 2013.

Android captured 70% of smartphone shipments in the December quarter of 2012. With this explosion, Android has become the world's biggest magnet for smartphone applications, and mobile malware.
Individuals and organizations who develop legitimate applications benefit financially either by selling them or by embedding advertisement kits. Building free, ad-supported apps helps developers side-step the hassle of the Google Checkout flow, which has made it the most popular form of monetization.
In this paper, we focus on the security risks and inefficiencies posed by ad-kits, and more particularly those embedded into malware. To this end, we study the Android platform and 120,000 malware samples. We identify 60 representative ad-kits. We further develop a system called Droidlysis to examine potential risks, ranging from uploading sensitive information to remote servers to downloading and executing untrusted code. We analyse ad traffic and identify sensitive data transmitted over the air.
Our results show most ad-kits not only collect private information, but probe for data and permissions beyond the ones listed in their documentation. We discover how users can be tracked by an ad provider across applications, and by a network sniffer across ad providers.