With the rise of digital advertising, it is common to place advertisements on websites and mobile applications to gain profit or obtain user information. To counteract this, a variety of ad-blocking software has emerged on the market. In this paper, we discuss the risks and challenges of implementing a system-wide ad-blocking mechanism on Android. We discuss system-wide ad-blocking solutions' privacy and security issues and point out three significant challenges: domain name encryption, domain-name only blocking effectiveness, and blocking efficiency.
We first discuss the emerging development of DNS over HTTPS (DoH), which encrypts domain names and could significantly impair ad-blocking functions. We then provide a proof-of-concept to counteract this. Second, we analyze the effectiveness of ad-blocking using URL-based or Domain-based blacklist. Our evaluation results show that the difference between the two is not significant (domain-based is less 9.8 ~ 17% lower than URL-based). Therefore, even if it not feasible to check the URL paths at the application layer, it would be sufficient to perform ad-blocking based only on DNS requests. Finally, we implement our proposed approach as a VPN service in Android, which balances the security (no content decryption in the middle) and blocking effectiveness (domain-based blocking with more than 80% accuracy) for system-wide ad-blocking.