Mobile, personalized in-app ads present 'a new privacy threat,' Georgia Tech study shows

A new study conducted by the Georgia Institute of Technology's School of Computer Science indicated the personal data of millions of smartphone users remains at risk due to in-app advertising that can leak potentially sensitive user information between ad networks and mobile app developers.

The study of more than 200 respondents who used a custom-built app for Android-based smartphones showed 73 percent of ad impressions for 92 percent of mobile app users were correctly aligned with their demographic profiles. In addition, the study revealed a mobile app developer could learn a user's gender, age group and other demographic information depending on the ads shown to a user. 

"Free smartphone apps are not really free," Wei Meng, the study's lead researcher, said in a prepared statement. "Apps -- especially malicious apps -- can be used to collect potentially sensitive information about someone simply by hosting ads in the app and observing what is received by a user. Mobile, personalized in-app ads absolutely present a new privacy threat."

The study revealed that based on the ads shown, a mobile developer could learn a user's:

  • Gender with 75 percent accuracy.

  • Parental status with 66 percent accuracy.

  • Age group with 54 percent accuracy. 

Smartphone ads and privacy Georgia Tech

Source: "The Price of Free: Privacy Leakage in Personalized Mobile In-App Ads," Georgia Institute of Technology College of Computing

Study researchers also found a mobile developer could predict an end user's income, political affiliation and marital status with higher accuracy than random guesses based on the in-app ads a user sees. 

So what do the study results mean for mobile developers?

Maintaining user privacy remains paramount for mobile developers, but at the same time, many developers rely on personalized, in-app ads to boost their revenues. 

However, study researchers pointed out adopting HTTPS to protect ad traffic against cybersecurity threats is insufficient. Instead, researchers noted ad providers must incorporate "defense mechanisms" into their products to protect user privacy. 

"One possible defense could be adding noise or randomness into the personalized results," study researchers wrote in their report. "Besides adding noise to personalized ads, ad networks may also provide coarser grained targeting options for advertisers."

How ad networks manage user privacy issues ultimately could impact the success of mobile developers who design and deploy free smartphone apps. 

And if ad networks can find the right balance between the needs of a mobile app's end users and developers, they can ensure free smartphone app developers won't have to worry about compromising their users' personal data at any time. 

Related articles:
YouTube may see more ads targeted toward children with launch of Kidfluencer network
MWC panel highlights tension between ad blockers and the mobile-ad ecosystem 
Even as online video ad strategies evolve, friction increases over ad blocking