Identifying Ad Libraries by Their Network Behavior Patterns

Free mobile apps have become ubiquitous in day-to-day life, and both an official and an unofficial market have rapidly grown to meet consumer demand. This rapidly developing industry has also resulted in a win-win environment for both app developers and advertising companies, who both reap significant financial reward from advertising with and within free apps. However, mobile app ads may pose a grave security threat to users. The ad module(s), also called ad libraries or ad lib(s) for short, embedded in an app could abuse the declared permissions of the whole app. It is therefore important for users to know what ad libs are embedded in downloaded apps. If the ad lib is more well-known, it may be relatively safer. Most ad libs may have different communication patterns with their ad servers. This study focused on the network behaviors of Android ad lib, used the dynamic analysis method to inspect an operating app and plotted the behavior patterns related to the advertisement into graphs. Moreover, it is determined whether the ad lib came from a trusted ad company through the similarities between the graphs.