Abstract
Rich offline experience, periodic background sync, push notification functionality, network requests control, improved performance via requests caching are only a few of the functionalities provided by the Service Worker (SW) API. This new technology, supported by all major browsers, can significantly improve users’ experience by providing the publisher with the technical foundations that would normally require a native application. Albeit the capabilities of this new technique and its important role in the ecosystem of Progressive Web Apps (PWAs), it is still unclear what is their actual purpose on the web, and how publishers leverage the provided functionality in their web applications.
In this study, we shed light in the real world deployment of SWs, by conducting the first large scale analysis of the prevalence of SWs in the wild. We see that SWs are becoming more and more popular, with the adoption increased by 26% only within the last 5 months. Surprisingly, besides their fruitful capabilities, we see that SWs are being mostly used for In-Page Push Advertising, in 65.08% of the SWs that connect with 3rd parties. We highlight that this is a relatively new way for advertisers to bypass ad-blockers and render ads on the user’s displays natively.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Google Developers: Progressive web apps (2017). https://web.dev/progressive-web-apps/#introduction
Pete LePage Sam Richard: What are progressive web apps? (2020). https://web.dev/what-are-pwas/
Panagiotis, P., Panagiotis, I., Michalis, P., Evangelos, P.M., Ioannidis, S., Vasiliadis, G.: Master of web puppets: abusing web browsers for persistent and stealthy computation. In: Network and Distributed System Security Symposium (NDSS) (2019)
Karami, S., Ilia, P., Polakis, J.: Awakening the web’s sleeper agents: misusing service workers for privacy leakage. In: Network and Distributed System Security Symposium (NDSS) (2021)
Ann, M.: Are push notifications high engagement marketing tool in 2018? (2021). https://themarketingfolks.com/are-push-notifications-high-engagement-marketing-tool-in-2018/
New brave ads use cases show up to 15.8% click-through rate, unmatched engagement (2020). https://brave.com/brave-ads-use-cases/
Papadopoulos, P., Kourtellis, N., Markatos, E.P.: The cost of digital advertisement: comparing user and advertiser views. In: Proceedings of the World Wide Web Conference (WWW) (2018)
Castelluccia, C., Olejnik, L., Minh-Dung, T.: Selling off privacy at auction. In: Network and Distributed System Security Symposium (NDSS) (2014)
Pachilakis, M., Papadopoulos, P., Markatos, E.P., Kourtellis, N.: No more chasing waterfalls: a measurement study of the header bidding ad-ecosystem. In: Proceedings of the Internet Measurement Conference (IMC) (2019)
Aksana Shakal. Push ads in 2021: Complete advertiser’s guide (2020). https://richads.com/blog/push-notification-advertising/
Papadopoulos, P., Kourtellis, N., Rodriguez, P.R., Laoutaris, N.: If you are not paying for it, you are the product: how much do advertisers pay to reach you? In: Proceedings of the Internet Measurement Conference (IMC) (2017)
Subramani, K., Yuan, X., Setayeshfar, O., Vadrevu, P., Lee, K.H., Perdisci, R.: When push comes to ads: measuring the rise of (malicious) push advertising. In: Proceedings of the ACM Internet Measurement Conference (IMC) (2020)
Google. Puppeteer: Chormium browser automation tool (2020). https://developers.google.com/web/tools/puppeteer
Google Developers: Firebase cloud messaging (2021). https://firebase.google.com/docs/cloud-messaging
Tranco: The tranco list we used for our crawls. https://tranco-list.eu/list/L564/1000000. Accessed 24 Sep 2020
badmojr: 1hosts (pro) (2021). https://hosts.netlify.app/Pro/hosts.txt
Similarweb LTD.: Website traffic–check and analyze any website (2021). https://www.similarweb.com/
Wayback Machine: Internet archive (2021). https://archive.org/web/
Mahanty, A.: Python package & cli tool that interfaces with the Wayback machine API (2021). https://pypi.org/project/waybackpy/
Chinprutthiwong, P., Vardhan, R., Yang, G., Gu, G.: Security study of service worker cross-site scripting. In: Annual Computer Security Applications Conference (ACSAC) (2020)
Squarcina, M., Calzavara, S., Maffei, M.: The remote on the local: exacerbating web attacks via service workers caches. In: 15th Workshop On Offensive Technologies (WOOT) (2021)
Lee, J., Kim, H., Park, J., Shin, I., Son, S.: Pride and prejudice in progressive web apps: abusing native app-like features in web applications. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS) (2018)
Acknowledgements
This project received funding from the EU H2020 Research and Innovation programme under grant agreements No 830927 (Concordia), No 830929 (CyberSec4Europe), No 871370 (Pimcity) and No 871793 (Accordion). These results reflect only the authors’ view and the Commission is not responsible for any use that may be made of the information it contains.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Pantelakis, G., Papadopoulos, P., Kourtellis, N., Markatos, E.P. (2022). Measuring the (Over)use of Service Workers for In-Page Push Advertising Purposes. In: Hohlfeld, O., Moura, G., Pelsser, C. (eds) Passive and Active Measurement. PAM 2022. Lecture Notes in Computer Science, vol 13210. Springer, Cham. https://doi.org/10.1007/978-3-030-98785-5_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-98785-5_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98784-8
Online ISBN: 978-3-030-98785-5
eBook Packages: Computer ScienceComputer Science (R0)