seamless in app ad blocking on stock android
play

Seamless In-App Ad Blocking on Stock Android Michael Backes, Sven - PowerPoint PPT Presentation

Dec 28, 2023 •145 likes •434 views

Seamless In-App Ad Blocking on Stock Android Michael Backes, Sven Bugiel, Philipp von Styp-Rekowsky, and Marvin Wifeld CISPA, Saarland University Mobile Security T echnologies (MoST) Workshop San Jose, California, M ay 25, 2017 Motivation

  1. Seamless In-App Ad Blocking on Stock Android Michael Backes, Sven Bugiel, Philipp von Styp-Rekowsky, and Marvin Wißfeld CISPA, Saarland University Mobile Security T echnologies (MoST) Workshop San Jose, California, M ay 25, 2017 Motivation

  2. Motivation Ads allow developers to easily monetize their apps.

  3. Why to block ads on Android? Ad libraries have shown to exploit host app's permissions to access private data. Ads can be used to lure users into installing malware. Streaming media files can be expensive on mobile networks.

  4. Existing approaches lack deployability or effectiveness. Existing approaches

  5. Existing approaches 1 AdDroid , Adsplit , Aframe Pearce et al., ASIACCS’12 Shekhar et al ., Usenix’12 Zhang et al., ACSAC’13 2 3 PEDAL , Apklancet Privacyguard , Adguard Liu et al., MobiSys’15 Yang et al., ASIACCS’14 Song et al., SPSM’15 Contribution

  6. Contribution We developed an in-app ad blocking system, that • is easy to deploy and runs on-device only. • effectively blocks ad library code execution. • has no side-effects on the applications. Ad library inclusion

  7. Ad library inclusion

  12. Approach

  13. Approach 1. Identification Find ad library API classes inside app package 2. Stub generation Create matching classes that preserve functionality 3. Injection Have the application use the created stub Approach: 1. Identification

  14. Approach: 1. Identification Find ad library API classes inside app package Task: identify class AdView from included library com.example.ads . Approach: find class with class name com.example.ads.AdView .

  15. Problem: Identifier Renaming Build process obfuscates names of classes, methods and fields: com.example.ads.AdView -> a.b.a.a com.example.ads.InterstitialAd -> a.b.a.b ... but when referenced in XML or string constants, names are preserved. • Libraries contain a XML manifest referencing their package name. • UI classes might be referenced in UI XML. com.example.ads.AdView -> com.example.ads.AdView com.example.ads.InterstitialAd -> com.example.ads.a

  16. Task: identify class AdView from included library com.example.ads . Approach: find class in package com.example.ads with same superclass and members.

  17. Problem: Dead code elimination Build process removes methods and classes that are not referenced.

  18. Task: identify class AdView from included library com.example.ads . Approach: find class in package com.example.ads with same superclass and required members.

  19. Filter rules Must contain for each class: package name, superclass, required members. package com.example.ads class .AdView extends* android.view.View method exists void loadAd end class class .InterstitialAd method exists void openAd .AdListener end class class .AdListener method exists void onAdClosed end class end package Approach: 2. Stub generation

  20. Approach: 2. Stub generation Create matching classes that preserve functionality Task: create class replacing InterstitialAd . Approach: Replace all methods with empty/null-return methods.

  21. Problem: Callbacks Some method calls must result in callback invocations to preserve app functionality

  22. Task: create classes replacing InterstitialAd . Approach: Replace all methods with empty/null-return methods or functionality preserving implementations.

  23. Filter rules Must contain for each class: package name, superclass, required members, stub generation info. package com.example.ads class .AdView extends* android.view.View set filter-action empty-view method exists void loadAd end class class .InterstitialAd set filter-action empty-object method exists,replace void openAd .AdListener end class class .AdListener method exists void onAdClosed end class end package Approach: 3. Injection

  24. Approach: 3. Injection Have the application use the created stub Use app virtualization (Boxify Backes et al., Usenix'15 ) to instrument app. Prepend stub classes to class loader search path, so they are loaded first. Evaluation

  25. Evaluation Manual assessment Created filter rules for 7 large advertisers Tested against 22 random apps from Play Store (that contained ads) Ads blocked in 19 apps, 3 failed because of missing filter rules. No app crashed or misbehaved.

  26. Real-world test Made end-user version (with more filter rules) publicly available 5.700+ installs, 15.000+ different apps ad-blocked Less than 200 reported apps that still showed ads. Limitations

  27. Limitations • Only third-party libraries. This excludes • Content ads (ex. Spotify, Facebook) • Web-based ads (WebView, Browser) • Dynamic class loading • Stronger obfuscation • Red Pill attacks Summary

  28. Summary Built in-app ad blocking based on app virtualization. Demonstrated deployability and efficiency by real-world evaluation. www.srt-adversary.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of

Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of

Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of Oslo, N-0316 Oslo, Norway Spring 2008 Computational Physics II FYS4410 Outline Data Blocking Why blocking? What is blocking? Blocking in

626 views • 14 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
Blocking in the 2 k Design Blocking may be required because: we cannot perform all required runs

Blocking in the 2 k Design Blocking may be required because: we cannot perform all required runs

ST 516 Experimental Statistics for Engineers II Blocking in the 2 k Design Blocking may be required because: we cannot perform all required runs under homogeneous conditions; e.g. raw material comes in limited batches; we want to carry out runs

487 views • 23 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of

Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of

Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of Oslo, N-0316 Oslo, Norway Spring 2008 Computational Physics II FYS4410 Outline Data Blocking Implementing blocking Using vmc blocking

210 views • 8 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
Blocking and Non-blocking Checkpointing and Rollback Recovery for Networks-on-Chip Claudia Rusu 1

Blocking and Non-blocking Checkpointing and Rollback Recovery for Networks-on-Chip Claudia Rusu 1

Blocking and Non-blocking Checkpointing and Rollback Recovery for Networks-on-Chip Claudia Rusu 1 , Cristian Grecu 2 , Lorena Anghel 1 1 TIMA Laboratory, CNRS-UJF-INP, Grenoble, France 2 SoC Laboratory, University of British Columbia, Vancouver,

700 views • 23 slides
Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
Microsystems D i g i t i z i n g Yo u r W o r l d S e a m l e s s l y ADCs for Autonomous

Microsystems D i g i t i z i n g Yo u r W o r l d S e a m l e s s l y ADCs for Autonomous

Seamless Microsystems D i g i t i z i n g Yo u r W o r l d S e a m l e s s l y ADCs for Autonomous Driving Augustine Kuo VP Engineering Seamless Microsystems Seamless Microsystems Background LiDAR and RADAR in Wireless and Consumer cars

423 views • 20 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides
What Mobile Ads Know About Mobile Users Sooel Son joint work with Daehyeok Kim and Vitaly

What Mobile Ads Know About Mobile Users Sooel Son joint work with Daehyeok Kim and Vitaly

What Mobile Ads Know About Mobile Users Sooel Son joint work with Daehyeok Kim and Vitaly Shma<kov 1 Overview Background Mobile adver<sing library ACack model: malicious adver<ser Informa<on available to the aCacker

940 views • 31 slides
CS 744: DATAFLOW Shivaram Venkataraman Fall 2020 ADMINISTRIVIA - Assignment 2

CS 744: DATAFLOW Shivaram Venkataraman Fall 2020 ADMINISTRIVIA - Assignment 2

! welcome CS 744: DATAFLOW Shivaram Venkataraman Fall 2020 ADMINISTRIVIA - Assignment 2 grades are up! Canvas - Midterm grading in progress - Course project proposal comments week tis Thursday feedback Peer feedback

342 views • 22 slides
Abdominal Vascular Emergencies: No fi nancial disclosures Pearls and Pitfalls or

Abdominal Vascular Emergencies: No fi nancial disclosures Pearls and Pitfalls or

Abdominal Vascular Emergencies: No fi nancial disclosures Pearls and Pitfalls or relationships. Brian Lin, MD, FACEP Kaiser Permanente, San Francisco Emergency Dept Clinical Assistant Professor, UCSF High Risk Emergency

631 views • 17 slides
When was the Book of Revelation Written? Two Main Dates for the Composition of Revelation 1.

When was the Book of Revelation Written? Two Main Dates for the Composition of Revelation 1.

When was the Book of Revelation Written? Two Main Dates for the Composition of Revelation 1. Neronic Date (Early Date) AD 65 2. Domitianic Date (Late Date) AD 95 Traditional date of the church for 1,900 years Why is the Date of Revelation

1.43k views • 104 slides
L ECTURE 12 Deleveraging and Balance Sheet Effects November 16, 2011 I . I NTRODUCTION What Do

L ECTURE 12 Deleveraging and Balance Sheet Effects November 16, 2011 I . I NTRODUCTION What Do

Economics 210c/236a Christina Romer Fall 2011 David

854 views • 53 slides
Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander Bokovoy <ab@samba.org> May 21th, 2015 Samba Team / Red Hat 0 A crisis of identity (solved?) FreeIPA What is FreeIPA? Cross Forest Trusts

298 views • 29 slides
Annoyed Users: Ads and Ad-Block Usage in the Wild Enric Pujol Oliver Hohlfeld Anja Feldmann TU

Annoyed Users: Ads and Ad-Block Usage in the Wild Enric Pujol Oliver Hohlfeld Anja Feldmann TU

Annoyed Users: Ads and Ad-Block Usage in the Wild Enric Pujol Oliver Hohlfeld Anja Feldmann TU Berlin RWTH Aachen TU Berlin IMC15 Tokyo, Japan 2 http://www.journalism.org/2015/04/29/digital-news-revenue-fact-sheet Page Fair and Adobe

832 views • 32 slides
1 2 + Why are we at this workshop? + What are we hoping to get from it? + What are we hoping to

1 2 + Why are we at this workshop? + What are we hoping to get from it? + What are we hoping to

1 2 + Why are we at this workshop? + What are we hoping to get from it? + What are we hoping to contribute to it? 3 Most important reason (with homage/apologies to Vanilla Ice) + Vendor - SemWeb expertise in applications in enterprise

342 views • 18 slides

More recommend