App developer ad choices can leave users at risk

(Credit: Raw Pixel)

A developer’s choice of ad network can leave users vulnerable to questionable ads and data privacy concerns, research finds.

In a study involving both a survey of 49 mostly independent app developers and in-depth interviews with 10, researchers found that app developers believe that entering agreements with groups like Facebook ads, AdMob, ONE by AOL, and Unity Ads are the only way to make money from their apps.

“Despite this reliance on ads, we were surprised to see that few developers compared different ad networks in detail to find one that serves their needs best,” says lead author Abraham Mhaidli, a doctoral student at the University of Michigan. “Instead, they relied on information they read in developer forums or a notion of which ad networks are popular.”

Ad networks and dev choices

“Even more surprising, many participants just stuck with the default settings their ad network of choice used, rather than trying to optimize for profit, which might mean collecting more data about their users,” Mhaidli says.

This not only translated into the developers having no say in the ads attached to their creations, but also removed them from being involved in protecting consumers, despite their strong belief in the importance of security and consumer satisfaction.

This led to several inconsistencies between what the app developers says was important when it came to consumers. For example, 90% of survey participants considered the security of users as very/extremely important, and 74% felt user satisfaction was very/extremely important. Yet when researchers asked them about various risks and if they were concerned about ad networks’ data collection practices, 23 survey participants said definitely/probably true; 11 said definitely/probably false.

“Only about half of our survey participants were aware of consumer risks associated with ad networks, such as ad networks collecting extensive information about consumers without their consent, users being shown inappropriate or graphic ads, or ads infecting people’s devices with malware, all of which are actual risks that occur in practice,” says Florian Schaub, an assistant professor of information.

“Even though many participants claimed that they are concerned about the safety, security, and privacy of their users, they did not make adjustments to ad network settings to prevent the ad network from tracking their users or limiting the type of ads shown to people.”

Money matters

The researchers say alternate monetization models and new policies to make ad networks more consumer-friendly are necessary.

“The ecosystem for ads has been pretty mature nowadays, with ad networks serving as the bridge between businesses and app developers, providing developer kits and all kinds of tutorials. However, such support can rarely be found when someone wants to explore other alternative funding models,” says coauthor Yixin Zou, a doctoral student.

“As the starting point, we need more empirical research to show what monetization models are out there and how well they work for apps, as well as comprehensive online posts/tutorials to help developers set things up. The thought that ads are not (and should not be) the only way to monetize apps should be embedded in education for prospective developers, such as through courses offered to computer science undergraduates,” Zou says.

“Later on, maybe we can encourage the adoption of other revenue models by developing tools and platforms that facilitate the standardized operation of these models, similar to how ad networks work for the ad ecosystem at this point.”

The researchers presented their work at the Symposium on Usable Privacy and Security in Santa Clara, California.

Source: Jessica Webster for University of Michigan