[1] 2016. UI/Application Exerciser Monkey. https://developer.android.com/studio/ [35] Ryan Stevens, Clint Gibler, Jon Crussell, Jeremy Erickson, and Hao Chen. 2012. test/monkey.html. (2016). Accessed: 2017-08-28. [2] 2017. AdAway. https://adaway.org/. (2017). Accessed: 2017-08-28. [3] 2017. AdblockBrowser. https://adblockbrowser.org/. (2017). Accessed: 2017-08-28. from third-party native libraries. In WiSec'14. ACM, 165-176. [4] 2017. AdblockPlus. https://adblockplus.org/. (2017). Accessed: 2017-08-28. [5] 2017. AdGuard. https://adguard.com/en/welcome.html. (2017). Accessed: 2017- enforcement for android applications. In USENIX Security'12, Vol. 2012. 08-28. [6] 2017. Google Play Services: Interstitials. https://developers.google.com/ mobile-ads-sdk/docs/dfp/android/interstitial. (2017). Accessed: 2017-08-28. applications. In ASIACCS'14. ACM, 483-494. [7] 2017. Google Play Services: Setup. https://developers.google.com/android/guides/ [39] Xiao Zhang, Amit Ahlawat, and Wenliang Du. 2013. Aframe: Isolating advertise setup. (2017). Accessed: 2017-08-28. [8] 2017. Guava. https://github.com/google/guava. (2017). Accessed: 2017-08-28. [40] Yajin Zhou, Kunal Patel, Lei Wu, Zhi Wang, and Xuxian Jiang. 2015. Hybrid [9] Michael Backes, Sven Bugiel, and Erik Derr. 2016. Reliable third-party library user-level sandboxing of third-party android apps. In ASIACCS'15. ACM, 19-30. detection in Android and its security applications. In CCS'16. ACM, 356-367. [10] Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky. 2015. Boxify: Full-�edged App Sandboxing for Stock Android. In USENIX Security'15. 691-706. [11] Michael Backes, Sven Bugiel, Oliver Schranz, Philipp von Styp-Rekowsky, and A APIS OF OUR COMMUNICATION Sebastian Weisgerber. 2017. ARTist: The Android runtime instrumentation and security toolkit. In EuroS&P'17. IEEE, 481-495. [12] Michael Backes, Sven Bugiel, Philipp von Styp-Rekowsky, and Marvin Wißfeld. Listings of our communication channel API, noted in AIDL. 2017. Seamless In-App Ad Blocking on Stock Android. In MoST'17. IEEE. [13] Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Ma�ei, and Philipp von Styp-Rekowsky. 2013. Appguard-enforcing user requirements on android apps. In TACAS'13. Springer, 543-548. [14] Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, and David Wetherall. 2014. Brahmas tra: Driving Apps to Test the Security of Third-Party Components. In USENIX Security'14. 1021-1036. [15] Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna. 2015. NJAS: Sandboxing unmodi�ed applications in non-rooted devices running stock android. In SPSM'15. ACM, 27-38. [16] Drew Davidson, Yaohui Chen, Franklin George, Long Lu, and Somesh Jha. 2017. Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems. In ASIACCS'17. ACM, 652-665. [17] Benjamin Davis and Hao Chen. 2013. RetroSkeleton: retro�tting android apps. In MobiSys'13. ACM, 181-192. [18] Benjamin Davis, Ben Sanders, Armen Khodaverdian, and Hao Chen. 2012. I arm-droid: A rewriting framework for in-app reference monitors for android applications. MoST'12 2012, 2 (2012), 17. [19] Soteris Demetriou, Whitney Merrill, Wei Yang, Aston Zhang, and Carl A Gunter. 2016. Free for all! assessing user data exposure to advertising libraries on android. Listing 2: Advertisement Invocation API NDSS'16 (2016). [20] Erik Derr. 2017. https://projects.cispa.uni-saarland.de/derr/libscout. (2017). Ac cessed: 2017-08-28. [21] Úlfar Erlingsson. 2003. The inlined reference monitor approach to security policy enforcement. Technical Report. Cornell University. [22] Michael C. Grace, Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. 2012. Unsafe Exposure Analysis of Mobile In-app Advertisements. In WISEC'12. ACM, 101- 112. [23] Konrad Jamrozik and Andreas Zeller. 2016. DroidMate: a robust and extensible test generator for Android. In MOBILESoft'16. IEEE, 293-294. [24] Jinseong Jeon, Kristopher K Micinski, Je�rey A Vaughan, Ari Fogel, Nikhilesh Reddy, Je�rey S Foster, and Todd Millstein. 2012. Dr. Android and Mr. Hide: �ne-grained permissions in android applications. In SPSM'12. ACM, 3-14. [25] Bin Liu, Bin Liu, Hongxia Jin, and Ramesh Govindan. 2015. E�cient privilege de-escalation for ad libraries in mobile apps. In MobiSys'15. ACM, 89-103. [26] Wei Meng, Ren Ding, Simon P Chung, Steven Han, and Wenke Lee. 2016. The price of free: Privacy leakage in personalized mobile in-app ads. NDSS'16. [27] Paul Pearce, Adrienne Porter Felt, Gabriel Nunez, and David Wagner. 2012. AdListing 3: Lifecycle API droid: Privilege separation for applications and advertisers in android. In ASI ACCS'12. ACM, 71-72. [28] Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna. 2014. Execute This! Analyzing Unsafe and Malicious Dy namic Code Loading in Android Applications. In NDSS'14, Vol. 14. 23-26. Enforcing complex, data-centric, system-wide policies in android. In ARES'14. IEEE, 40-49. [30] Thorsten Schreiber. 2011. Android binder. http://www.nds.rub.de/media/ attachments/�les/2012/03/binder.pdf. (2011). [31] Jaebaek Seo, Daehyeok Kim, Donghyun Cho, Taesoo Kim, and Insik Shin. 2016. FlexDroid: Enforcing in-app privilege separation in android. In NDSS'16. [32] Shashi Shekhar, Michael Dietz, and Dan S Wallach. 2012. AdSplit: Separating Smartphone Advertising from Applications. In USENIX Security'12, Vol. 2012. [33] Stephen Smalley and Robert Craig. 2013. Security Enhanced