Skip to main content

Measuring the (Over)use of Service Workers for In-Page Push Advertising Purposes

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13210)

Abstract

Rich offline experience, periodic background sync, push notification functionality, network requests control, improved performance via requests caching are only a few of the functionalities provided by the Service Worker (SW) API. This new technology, supported by all major browsers, can significantly improve users’ experience by providing the publisher with the technical foundations that would normally require a native application. Albeit the capabilities of this new technique and its important role in the ecosystem of Progressive Web Apps (PWAs), it is still unclear what is their actual purpose on the web, and how publishers leverage the provided functionality in their web applications.

In this study, we shed light in the real world deployment of SWs, by conducting the first large scale analysis of the prevalence of SWs in the wild. We see that SWs are becoming more and more popular, with the adoption increased by 26% only within the last 5 months. Surprisingly, besides their fruitful capabilities, we see that SWs are being mostly used for In-Page Push Advertising, in 65.08% of the SWs that connect with 3rd parties. We highlight that this is a relatively new way for advertisers to bypass ad-blockers and render ads on the user’s displays natively.

Keywords

  • Service workers
  • Push ads
  • Push notification advertising

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-98785-5_19
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   84.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-98785-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   109.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.
Fig. 9.
Fig. 10.
Fig. 11.

Notes

  1. 1.

    https://developers.google.com/web/ilt/pwa/introduction-to-push-notifications.

References

  1. Google Developers: Progressive web apps (2017). https://web.dev/progressive-web-apps/#introduction

  2. Pete LePage Sam Richard: What are progressive web apps? (2020). https://web.dev/what-are-pwas/

  3. Panagiotis, P., Panagiotis, I., Michalis, P., Evangelos, P.M., Ioannidis, S., Vasiliadis, G.: Master of web puppets: abusing web browsers for persistent and stealthy computation. In: Network and Distributed System Security Symposium (NDSS) (2019)

    Google Scholar 

  4. Karami, S., Ilia, P., Polakis, J.: Awakening the web’s sleeper agents: misusing service workers for privacy leakage. In: Network and Distributed System Security Symposium (NDSS) (2021)

    Google Scholar 

  5. Ann, M.: Are push notifications high engagement marketing tool in 2018? (2021). https://themarketingfolks.com/are-push-notifications-high-engagement-marketing-tool-in-2018/

  6. New brave ads use cases show up to 15.8% click-through rate, unmatched engagement (2020). https://brave.com/brave-ads-use-cases/

  7. Papadopoulos, P., Kourtellis, N., Markatos, E.P.: The cost of digital advertisement: comparing user and advertiser views. In: Proceedings of the World Wide Web Conference (WWW) (2018)

    Google Scholar 

  8. Castelluccia, C., Olejnik, L., Minh-Dung, T.: Selling off privacy at auction. In: Network and Distributed System Security Symposium (NDSS) (2014)

    Google Scholar 

  9. Pachilakis, M., Papadopoulos, P., Markatos, E.P., Kourtellis, N.: No more chasing waterfalls: a measurement study of the header bidding ad-ecosystem. In: Proceedings of the Internet Measurement Conference (IMC) (2019)

    Google Scholar 

  10. Aksana Shakal. Push ads in 2021: Complete advertiser’s guide (2020). https://richads.com/blog/push-notification-advertising/

  11. Papadopoulos, P., Kourtellis, N., Rodriguez, P.R., Laoutaris, N.: If you are not paying for it, you are the product: how much do advertisers pay to reach you? In: Proceedings of the Internet Measurement Conference (IMC) (2017)

    Google Scholar 

  12. Subramani, K., Yuan, X., Setayeshfar, O., Vadrevu, P., Lee, K.H., Perdisci, R.: When push comes to ads: measuring the rise of (malicious) push advertising. In: Proceedings of the ACM Internet Measurement Conference (IMC) (2020)

    Google Scholar 

  13. Google. Puppeteer: Chormium browser automation tool (2020). https://developers.google.com/web/tools/puppeteer

  14. Google Developers: Firebase cloud messaging (2021). https://firebase.google.com/docs/cloud-messaging

  15. Tranco: The tranco list we used for our crawls. https://tranco-list.eu/list/L564/1000000. Accessed 24 Sep 2020

  16. badmojr: 1hosts (pro) (2021). https://hosts.netlify.app/Pro/hosts.txt

  17. Similarweb LTD.: Website traffic–check and analyze any website (2021). https://www.similarweb.com/

  18. Wayback Machine: Internet archive (2021). https://archive.org/web/

  19. Mahanty, A.: Python package & cli tool that interfaces with the Wayback machine API (2021). https://pypi.org/project/waybackpy/

  20. Chinprutthiwong, P., Vardhan, R., Yang, G., Gu, G.: Security study of service worker cross-site scripting. In: Annual Computer Security Applications Conference (ACSAC) (2020)

    Google Scholar 

  21. Squarcina, M., Calzavara, S., Maffei, M.: The remote on the local: exacerbating web attacks via service workers caches. In: 15th Workshop On Offensive Technologies (WOOT) (2021)

    Google Scholar 

  22. Lee, J., Kim, H., Park, J., Shin, I., Son, S.: Pride and prejudice in progressive web apps: abusing native app-like features in web applications. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS) (2018)

    Google Scholar 

Download references

Acknowledgements

This project received funding from the EU H2020 Research and Innovation programme under grant agreements No 830927 (Concordia), No 830929 (CyberSec4Europe), No 871370 (Pimcity) and No 871793 (Accordion). These results reflect only the authors’ view and the Commission is not responsible for any use that may be made of the information it contains.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Panagiotis Papadopoulos .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Pantelakis, G., Papadopoulos, P., Kourtellis, N., Markatos, E.P. (2022). Measuring the (Over)use of Service Workers for In-Page Push Advertising Purposes. In: Hohlfeld, O., Moura, G., Pelsser, C. (eds) Passive and Active Measurement. PAM 2022. Lecture Notes in Computer Science, vol 13210. Springer, Cham. https://doi.org/10.1007/978-3-030-98785-5_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-98785-5_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-98784-8

  • Online ISBN: 978-3-030-98785-5

  • eBook Packages: Computer ScienceComputer Science (R0)