TY - GEN
T1 - ProfileGuard
AU - Ullah, Imdad
AU - Boreli, Roksana
AU - Kanhere, Salil S.
AU - Chawla, Sanjay
N1 - Publisher Copyright:
Copyright © 2014 ACM.
PY - 2014/11/3
Y1 - 2014/11/3
N2 - Analytics companies have become an integral part of the mobile advertising industry, enabling successful user targeting via user profiles, derived from the mobile apps installed by specific users. This poses a threat to privacy of such users, when apps indicating sensitive information, e.g., a gaming app showing a gambling problem, are the basis for profiling. In this paper, we propose a Profile Guard, novel app-based obfuscation mechanism to remove the dominance (prevalence amongst the interest categories present in a user profile) of selected private user profile interest categories. We show, based on extensive experimental evaluation using 2700 Android apps during a 9 month test campaign, that the best trade-off between the level of effort required by the obfuscating system and the resulting privacy protection can be achieved by choosing the obfuscating apps based on similarity with user's existing apps (while ensuring that the selected apps belong to a non-private category). We implement a POC ProfileGuard app to demonstrate the feasibility of an automated obfuscation mechanism. We also provide insights into the broad Google AdMob profiling rules, showing that there is a deterministic mapping of individual apps to profile interests, that profiles based on multiple apps represent a union of individual app profiles and that there is a minimum level of activity necessary for AdMob to build a stable user profile. Finally, we show the resulting effect of obfuscation on the received ads, demonstrating that modifying user profiles to include a richer set of interests results in correspondingly more diverse received ads.
AB - Analytics companies have become an integral part of the mobile advertising industry, enabling successful user targeting via user profiles, derived from the mobile apps installed by specific users. This poses a threat to privacy of such users, when apps indicating sensitive information, e.g., a gaming app showing a gambling problem, are the basis for profiling. In this paper, we propose a Profile Guard, novel app-based obfuscation mechanism to remove the dominance (prevalence amongst the interest categories present in a user profile) of selected private user profile interest categories. We show, based on extensive experimental evaluation using 2700 Android apps during a 9 month test campaign, that the best trade-off between the level of effort required by the obfuscating system and the resulting privacy protection can be achieved by choosing the obfuscating apps based on similarity with user's existing apps (while ensuring that the selected apps belong to a non-private category). We implement a POC ProfileGuard app to demonstrate the feasibility of an automated obfuscation mechanism. We also provide insights into the broad Google AdMob profiling rules, showing that there is a deterministic mapping of individual apps to profile interests, that profiles based on multiple apps represent a union of individual app profiles and that there is a minimum level of activity necessary for AdMob to build a stable user profile. Finally, we show the resulting effect of obfuscation on the received ads, demonstrating that modifying user profiles to include a richer set of interests results in correspondingly more diverse received ads.
KW - Mobile apps
KW - Obfuscation
KW - Privacy
KW - Targeted ads
UR - http://www.scopus.com/inward/record.url?scp=84910686514&partnerID=8YFLogxK
U2 - 10.1145/2665943.2665961
DO - 10.1145/2665943.2665961
M3 - Conference contribution
AN - SCOPUS:84910686514
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 83
EP - 92
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 3 November 2014
ER -