Information leakage through mobile analytics services

Terence Chen, Imdad Ullah, Mohamed Ali Kaafar, Roksana Boreli

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

28 Citations (Scopus)

Abstract

In this paper we investigate the risk of privacy leakage through mobile analytics services and demonstrate the ease with which an external adversary can extract individual's profile and mobile applications usage information, through two major mobile analytics services, i.e. Google Mobile App Analytics and Flurry. We also demonstrate that it is possible to exploit the vulnerability of analytics services, to influence the ads served to users' devices, by manipulating the profiles constructed by these services. Both attacks can be performed without the necessity of having an attacker controlled app on user's mobile device. Finally, we discuss potential countermeasures (from the perspectives of different parties) that may be utilized to mitigate the risk of individual's personal information leakage.

Original languageEnglish
Title of host publicationProceedings of the 15th Workshop on Mobile Computing Systems and Applications, HotMobile 2014
Place of PublicationNew York
PublisherAssociation for Computing Machinery
Number of pages6
ISBN (Electronic)9781450327428
DOIs
Publication statusPublished - 2014
Externally publishedYes
Event15th Workshop on Mobile Computing Systems and Applications, HotMobile 2014 - Santa Barbara, CA, United States
Duration: 26 Feb 201427 Feb 2014

Conference

Conference15th Workshop on Mobile Computing Systems and Applications, HotMobile 2014
Country/TerritoryUnited States
CitySanta Barbara, CA
Period26/02/1427/02/14

Fingerprint

Dive into the research topics of 'Information leakage through mobile analytics services'. Together they form a unique fingerprint.

Cite this