Free mobile applications (apps) available on app marketplaces are largely monetized through mobile advertising. The number of clicks received on the advertisements (ads) and thus the revenue gained from them can be increased by showing targeted ads to users. Mobile advertising networks collect a variety of privacy sensitive information about users and use it to build advertising profiles. To target ads at individual users based on their interests, these advertising profiles are typically linked with the users' unique device identifiers, such as the advertising ID used in Android.
Advertising profiles may contain a large amount of privacy sensitive information about users, which can attract adversaries to attempt gaining access to this information. Mobile devices are known to leak privacy sensitive information such as device identifiers in clear text. This poses a potential privacy risk, since an adversary might exploit the leaked identifiers to learn privacy sensitive details about a victim by sampling personalized ads targeted at the victim.
This thesis explores the behavior of mobile ad networks regarding data collection and ad targeting, as well as the possibility of an attack where leaked device identifiers are exploited to request ads targeted at a victim. We investigated these problems in the context of four popular Android ad libraries that support ad targeting, using a custom app and simulated user profiles designed for this purpose.
Our findings indicate that it is possible to use sniffed identifiers to impersonate another user for requesting ads, and to some degree, this can result in receiving ads specific to the victim's profile. In the case of some ad networks, the lack of ad targeting causes it to be infeasible to conduct an attack to request ads targeted at the victim.
