ISSTA 2019
Mon 15 - Fri 19 July 2019 Beijing, China
Fri 19 Jul 2019 11:45 - 12:07 at Grand Ballroom - Static Analysis and Debugging Chair(s): Arie van Deursen

Mobile advertising has become a popular advertising approach by taking advantage of various information from mobile devices and rich interaction with users. Mobile advertising platforms show advertisements of nearby restaurants to users using the geographic locations of their mobile devices, and also allow users to make reservations easily using their phone numbers. However, at the same time, they may open the doors for advertisements to steal device information or to perform malicious behaviors. When application developers integrate mobile advertising platform SDKs (AdSDKs) to their applications, they are informed of only the permissions required by the AdSDKs, and they may not be aware of the rich functionalities of the SDKs that are available to advertisements. In this paper, we first report that various AdSDKs provide powerful functionalities to advertisements, which are seriously vulnerable to security threats. We present representative malicious behaviors by advertisements using APIs provided by AdSDKs. To mitigate the security vulnerability, we develop a static analyzer, Adlib, which analyzes Android Java libraries that use hybrid features to enable communication with JavaScript code and detects possible flows from the APIs that are accessible from third-party advertisements to device-specific features like geographic locations. Our evaluation shows that Adlib found genuine security vulnerabilities from real-world AdSDKs.

Fri 19 Jul
Times are displayed in time zone: Beijing, Chongqing, Hong Kong, Urumqi change

11:00 - 12:30: Static Analysis and DebuggingTechnical Papers at Grand Ballroom
Chair(s): Arie van DeursenDelft University of Technology
11:00 - 11:22
Technical Papers
Christian KlingerUniversity of Texas, Austin, Maria ChristakisMPI-SWS, Valentin WüstholzConsenSys Diligence
11:22 - 11:45
Technical Papers
Michael ReifTU Darmstadt, Germany, Florian KüblerTU Darmstadt, Germany, Michael EichbergTU Darmstadt, Germany, Dominik HelmTU Darmstadt, Germany, Mira MeziniTU Darmstadt, Germany
Pre-print File Attached
11:45 - 12:07
Technical Papers
Sungho LeeKAIST, South Korea, Sukyoung RyuKAIST, South Korea
DOI Pre-print
12:07 - 12:30
Technical Papers
Sandro TolksdorfTU Darmstadt, Daniel LehmannTU Darmstadt, Michael PradelTU Darmstadt and Facebook
Link to publication DOI Pre-print