AdSplit: Separating smartphone advertising from applications

TL;DR

AdSplit is a system that isolates advertising code from Android apps, reducing permission requests and enhancing security, while maintaining minimal performance overhead and supporting existing ad libraries.

Contribution

We extended Android to run apps and their ads as separate processes, improving security and permission management, and developed a method to automatically recompile apps for ad separation.

Findings

Permission bloat from ads is significant in many apps.

AdSplit introduces minimal runtime overhead.

Most ad libraries embed HTML widgets, simplifying separation.

Abstract

A wide variety of smartphone applications today rely on third-party advertising services, which provide libraries that are linked into the hosting application. This situation is undesirable for both the application author and the advertiser. Advertising libraries require additional permissions, resulting in additional permission requests to users. Likewise, a malicious application could simulate the behavior of the advertising library, forging the user's interaction and effectively stealing money from the advertiser. This paper describes AdSplit, where we extended Android to allow an application and its advertising to run as separate processes, under separate user-ids, eliminating the need for applications to request permissions on behalf of their advertising libraries. We also leverage mechanisms from Quire to allow the remote server to validate the authenticity of client-side behavior. In this paper, we quantify the degree of permission bloat caused by advertising, with a study of thousands of downloaded apps. AdSplit automatically recompiles apps to extract their ad services, and we measure minimal runtime overhead. We also observe that most ad libraries just embed an HTML widget within and describe how AdSplit can be designed with this in mind to avoid any need for ads to have native code.