Open Access Open Access  Restricted Access Subscription Access

The Risks and Challenges for System-Wide Ad-Block Services

He-Jin Zhang,
Chun-Ying Huang,


With the rise of digital advertising, it is common to place advertisements on websites and mobile applications to gain profit or obtain user information. To counteract this, a variety of ad-blocking software has emerged on the market. In this paper, we discuss the risks and challenges of implementing a system-wide ad-blocking mechanism on Android. We discuss system-wide ad-blocking solutions' privacy and security issues and point out three significant challenges: domain name encryption, domain-name only blocking effectiveness, and blocking efficiency.
We first discuss the emerging development of DNS over HTTPS (DoH), which encrypts domain names and could significantly impair ad-blocking functions. We then provide a proof-of-concept to counteract this. Second, we analyze the effectiveness of ad-blocking using URL-based or Domain-based blacklist. Our evaluation results show that the difference between the two is not significant (domain-based is less 9.8 ~ 17% lower than URL-based). Therefore, even if it not feasible to check the URL paths at the application layer, it would be sufficient to perform ad-blocking based only on DNS requests. Finally, we implement our proposed approach as a VPN service in Android, which balances the security (no content decryption in the middle) and blocking effectiveness (domain-based blocking with more than 80% accuracy) for system-wide ad-blocking.

Citation Format:
He-Jin Zhang, Chun-Ying Huang, "The Risks and Challenges for System-Wide Ad-Block Services," Communications of the CCISA, vol. 27, no. 1 , pp. 19-40, Feb. 2021.

Full Text:



  • There are currently no refbacks.

Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office, No.1, Sec. 1, Shennong Rd., Yilan City, Yilan County 260, Taiwan (R.O.C.)