Advertisement

Exploring the Eastern Frontier: A First Look at Mobile App Tracking in China

  • Zhaohua Wang
  • Zhenyu LiEmail author
  • Minhui Xue
  • Gareth Tyson
Conference paper
  • 48 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12048)

Abstract

Many mobile apps are integrated with mobile advertising and tracking services running in the background to collect information for tracking users. Considering China currently tops mobile traffic growth globally, this paper aims to take a first look at China’s mobile tracking patterns from a large 4G network. We observe the dominance of the top popular domestic trackers and the pervasive tracking on mobile apps. We also discover a very well-connected tracking community, where the non-popular trackers form many local communities with each community tracking a particular category of mobile apps. We further conclude that some trackers have a monopoly on specific groups of mobile users and 10% of users upload Personally Identifiable Information (PII) to trackers (with 90% of PII tracking flows local to China). Our results consistently show a distinctive mobile tracking market in China. We hope the results can inform users and stakeholders on the interplay between mobile tracking and potential security and privacy issues.

Notes

Acknowledgments

We would like to thank David Choffnes for shepherding our paper and PAM reviewers for their useful feedback. This work was supported, in part, by National Key R&D Program of China under Grant No. 2018YFB1800201 and the Youth Innovation Promotion Association CAS.

References

  1. 1.
    Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014)CrossRefGoogle Scholar
  2. 2.
    Backes, M., Bugiel, S., Derr, E.: Reliable third-party library detection in android and its security applications. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 356–367. ACM (2016)Google Scholar
  3. 3.
    Binns, R., Zhao, J., Kleek, M.V., Shadbolt, N.: Measuring third-party tracker power across web and mobile. ACM Trans. Internet Technol. (TOIT) 18(4), 52 (2018)CrossRefGoogle Scholar
  4. 4.
    Book, T., Wallach, D.S.: An empirical study of mobile ad targeting. arXiv preprint arXiv:1502.06577 (2015)
  5. 5.
    Chen, J., Chen, H., Bauman, E., Lin, Z., Zang, B., Guan, H.: You shouldn’t collect my secrets: thwarting sensitive keystroke leakage in mobile \(\{\)IME\(\}\) apps. In: 24th \(\{\)USENIX\(\}\) Security Symposium, \(\{\)USENIX\(\}\) Security 2015, pp. 657–690 (2015)Google Scholar
  6. 6.
    Chen, T., Ullah, I., Kaafar, M.A., Boreli, R.: Information leakage through mobile analytics services. In: Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, p. 15. ACM (2014)Google Scholar
  7. 7.
    Cisco: Visual networking index: global mobile data traffic forecast update, 2017–2022 white paper. Technical report. Cisco (2019)Google Scholar
  8. 8.
    CIW: ebook: top 200 mobile apps in China (2018). https://www.chinainternetwatch.com/ebook/top-mobile-apps/
  9. 9.
    Clauset, A., Newman, M.E., Moore, C.: Finding community structure in very large networks. Phys. Rev. E 70(6), 066111 (2004)CrossRefGoogle Scholar
  10. 10.
    EasyList: The primary filter list that removes most adverts from international webpages (2016). https://easylist.to/
  11. 11.
    Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: detecting privacy leaks in iOS applications. In: NDSS, pp. 177–183 (2011)Google Scholar
  12. 12.
    Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)CrossRefGoogle Scholar
  13. 13.
    Gill, P., Erramilli, V., Chaintreau, A., Krishnamurthy, B., Papagiannaki, K., Rodriguez, P.: Follow the money: understanding economics of online aggregation and advertising. In: Proceedings of the 2013 Conference on Internet Measurement Conference, pp. 141–148. ACM (2013)Google Scholar
  14. 14.
    Halfaker, A., et al.: User session identification based on strong regularities in inter-activity time. In: Proceedings of the 24th International Conference on World Wide Web, pp. 410–418. International World Wide Web Conferences Steering Committee (2015)Google Scholar
  15. 15.
    Han, S., Jung, J., Wetherall, D.: A study of third-party tracking by mobile apps in the wild. University of Washington, Technical report UW-CSE-12-03-01 (2012)Google Scholar
  16. 16.
    Ikram, M., Masood, R., Tyson, G., Kaafar, M.A., Loizon, N., Ensafi, R.: The chain of implicit trust: an analysis of the web third-party resources loading. In: Web Conference (2019)Google Scholar
  17. 17.
    Ikram, M., Vallina-Rodriguez, N., Seneviratne, S., Kaafar, M.A., Paxson, V.: An analysis of the privacy and security risks of android VPN permission-enabled apps. In: Proceedings of the 2016 Internet Measurement Conference, pp. 349–364. ACM (2016)Google Scholar
  18. 18.
    Iordanou, C., Smaragdakis, G., Poese, I., Laoutaris, N.: Tracing cross border web tracking. In: Proceedings of the Internet Measurement Conference 2018, pp. 329–342. ACM (2018)Google Scholar
  19. 19.
    Kalavri, V., Blackburn, J., Varvello, M., Papagiannaki, K.: Like a pack of wolves: community structure of web trackers. In: Karagiannis, T., Dimitropoulos, X. (eds.) Passive and Active Measurement (2016)Google Scholar
  20. 20.
    Li, H., et al.: Characterizing smartphone usage patterns from millions of android users. In: Proceedings of the 2015 Internet Measurement Conference, pp. 459–472. ACM (2015)Google Scholar
  21. 21.
    Lightbeam: shine a light on who is watching you (2019). https://addons.mozilla.org/fr/firefox/addon/lightbeam-3-0/
  22. 22.
    Liu, M., Wang, H., Guo, Y., Hong, J.: Identifying and analyzing the privacy of apps for kids. In: Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, pp. 105–110. ACM (2016)Google Scholar
  23. 23.
    MalwareBytes: hpHosts (2019). http://hosts-file.net/
  24. 24.
  25. 25.
    Qiu, L., Zhang, Z., Shen, Z., Sun, G.: AppTrace: dynamic trace on android devices. In: 2015 IEEE International Conference on Communications (ICC), pp. 7145–7150. IEEE (2015)Google Scholar
  26. 26.
    Rao, A., Sherry, J., Legout, A., Krishnamurthy, A., Dabbous, W., Choffnes, D.: Meddle: middleboxes for increased transparency and control of mobile traffic. In: CoNEXT Student Workshop (2012)Google Scholar
  27. 27.
    Razaghpanah, A., Nithyanand, R., Vallina-Rodriguez, N., Sundaresan, S., Allman, M., Gill, C.K.P.: Apps, trackers, privacy, and regulators. In: 25th Annual Network and Distributed System Security Symposium, NDSS, vol. 2018 (2018)Google Scholar
  28. 28.
    Razaghpanah, A., et al.: Haystack: In situ mobile traffic analysis in user space, pp. 1–13. arXiv preprint arXiv:1510.01419 (2015)
  29. 29.
    Ren, J., Rao, A., Lindorfer, M., Legout, A., Choffnes, D.: ReCon: revealing and controlling PII leaks in mobile network traffic. In: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pp. 361–374. ACM (2016)Google Scholar
  30. 30.
    Seneviratne, S., Seneviratne, A., Mohapatra, P., Mahanti, A.: Your installed apps reveal your gender and more!. ACM SIGMOBILE Mob. Comput. Commun. Rev. 18(3), 55–61 (2015)CrossRefGoogle Scholar
  31. 31.
    Su, J., Li, Z., Grumbach, S., Ikram, M., Salamatian, K., Xie, G.: A cartography of web tracking using DNS records. Comput. Commun. 134, 83–95 (2019)CrossRefGoogle Scholar
  32. 32.
    Vallina-Rodriguez, N., et al.: Breaking for commercials: characterizing mobile advertising. In: Proceedings of the 2012 Internet Measurement Conference, pp. 343–356. ACM (2012)Google Scholar
  33. 33.
    Vallina-Rodriguez, N., et al.: Tracking the trackers: towards understanding the mobile advertising and tracking ecosystem. arXiv preprint arXiv:1609.07190 (2016)
  34. 34.
    Wang, H., Guo, Y.: Understanding third-party libraries in mobile app analysis. In: 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C), pp. 515–516. IEEE (2017)Google Scholar
  35. 35.
    Wang, H., et al.: Beyond google play: a large-scale comparative study of Chinese android app markets. In: Proceedings of the Internet Measurement Conference 2018, pp. 293–307. ACM (2018)Google Scholar
  36. 36.
    Watts, D.J., Strogatz, S.H.: Collective dynamics of ‘small-world’ networks. Nature 393(6684), 440 (1998)CrossRefGoogle Scholar
  37. 37.
    Xiang, C., et al.: No-jump-into-latency in China’s internet!: toward last-mile hop count based IP geo-localization. In: Proceedings of the International Symposium on Quality of Service, IWQoS 2019, pp. 42:1–42:10. ACM (2019)Google Scholar
  38. 38.
    Xu, Q., Erman, J., Gerber, A., Mao, Z., Pang, J., Venkataraman, S.: Identifying diverse usage behaviors of smartphone apps. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 329–344. ACM (2011)Google Scholar
  39. 39.
    Yao, H., Ranjan, G., Tongaonkar, A., Liao, Y., Mao, Z.M.: Samples: self adaptive mining of persistent lexical snippets for classifying mobile application traffic. In: Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, pp. 439–451. ACM (2015)Google Scholar
  40. 40.
    Zang, J., Dummit, K., Graves, J., Lisker, P., Sweeney, L.: Who knows what about me? A survey of behind the scenes personal data sharing to third parties by mobile apps. Technol. Sci. 30, 1–53 (2015)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Zhaohua Wang
    • 1
    • 2
  • Zhenyu Li
    • 1
    • 2
    • 3
    Email author
  • Minhui Xue
    • 4
  • Gareth Tyson
    • 5
  1. 1.Institute of Computing Technology, Chinese Academy of SciencesBeijingChina
  2. 2.University of Chinese Academy of SciencesBeijingChina
  3. 3.Purple Mountain LaboratoriesNanjingChina
  4. 4.The University of AdelaideAdelaideAustralia
  5. 5.Queen Mary University of LondonLondonUK

Personalised recommendations