The Price of Free: Privacy Leakage in Personalized Mobile In‐App Ads

Abstract

ln-app advertising is an essential part of the ecosystem of free mobile applications. On the surface, this creates a win-win situation where app developers can profit from their work without charging the users. Meanwhile, ad networks employ personalization to improve the effectiveness/profitability of their ad placement. This need for serving personalized advertisements in turn motivates ad networks to collect profile data about users. As such, "free" apps are only free in monetary terms; they come with the price of potential privacy concerns. The question is, how much data are users giving away in exchange for "free apps"? In this paper, we study how much of the user's interest and demographic information is known to major ad networks on the mobile platform. We also study whether personalized ads can be used by the hosting apps to reconstruct some of the user information collected by the ad network. By collecting more than 200 real user profiles and the ads seen by surveyed users, we found that in-app advertising can leak potentially sensitive user information to any app that hosts personalized ads, and ad networks' current protection mechanisms are not sufficient for safe-guarding users' sensitive personal information.