12 Aug 2016

Respectful Ad Networks

If you're building an app, and want to show ads to make money, you use an ad network. You link their library into your app. The library then takes the opportunity to spy on your users. It collects as much information as it can.

Libraries do this in multiple ways. First, they take advantages of weaknesses in the platform where some private information is available without needing a permission. For example, finding out what other apps are installed on an Android device. Second, the library takes advantage of permissions you've declared for your own use. Third, the libraries even have the gall to insist that you declare permissions (on Android) for their use. Fourth, some of them even dynamically check to see if you've declared beyond the ones in their own documentation, and if so, they misuse them.

None of this is respectful to users. The last thing I would want for my app to become is a trojan horse for ad networks to spy on my users. I would want to show ads without including any native code from the ad network. Just give me a URL to load in a web view. Tell me the format of the URL, and what URL parameters to include. Like:

https://adnetwork.com/banner?width=300&height=200&appId=xyz

This should be a HTTPS URL. I'll load it in my web view. Not running the ad network's native code gives them one fewer opportunity to spy on my users.

The next step is to eliminate Javascript, which can collect sensitive information, interfere with responsiveness, use up cellular data, and hurt battery life. Just give me an image URL, which I will load and display. This works for web apps as well: I can put the URL in an img tag and rest assured that no Javascript is running.

Ad networks should also offer developers ways to restrict the types of ads. For example, I don't want animated ads, which are extremely annoying and distract me from using the app. I don't want that junk in my app. Perhaps:

https://adnetwork.com/banner?width=300&height=200&appId=xyz&animated=no

The web platform should also evolve to sandbox things — I should be able to say:

<img url="..." animated="no">

If that's a GIF, the browser or web view displays only the first frame. That way, we're not at the mercy of ad networks, who aren't trustworthy and don't care about privacy or user experience.

Or:

<restrict animated="no">
<iframe src="..." />
</restrict>

I might also want banner ads that don't have color in them, since that distracts from the app itself. Just monochrome ads. Again, I should be able to say:

<img url="..." monochrome="yes">

All these ideas do mean lower revenue, but that may be the right choice for developers who don't want to sacrifice their users' privacy, cellular data usage, battery life, and app responsiveness to make a quick buck.

Ad networks, and the web platform in general, should evolve to support such requirements, as should the web platform, to sandbox and put bad actors in their place.

No comments:

Post a Comment