Abused Android Permissions by Advertising Networks

Android is the leading mobile operating system for smart phone and mobile tablet platforms. Since these mobile devices contain personal and sensitive data, security is a big challenge for them. Even though various security features are supported by Android, its permission model is quite problematic from usability and privacy aspects. When users want to install an application, they must grant all requested permissions. Since manually checking dozens of permissions is cumbersome, users ignore it and accept permissions without reading them. In Google Play Store, there exist thousands of applications that request more permissions than they actually need. Applications with unnecessary permissions can misuse their permissions and endanger their users´ security and privacy. Especially, advertising network libraries, integrated within applications, request many unnecessary permissions and get unauthorized access to users´ personal data. In this paper, we explain the results of our study which analyzes several advertising networks, their permission requests and behavior for accessing critical resources.