Many studies focused on detecting and measuring the security and privacy risks associated with the integration of advertising libraries in mobile apps. These studies consistently demonstrate the abuses of existing ad libraries. However, to fully assess the risks of an app that uses an advertising library, we need to take into account not only the current behaviors but all of the allowed behaviors that could result in the compromise of user data conﬁdentiality. Ad libraries on Android have potential for greater data collection through at least four major channels: using unprotected APIs to learn other apps’ information on the phone (e.g., app names); using protected APIs via permissions inherited from the host app to access sensitive information (e.g. Google and Facebook account information, geo locations); gaining access to ﬁles which the host app stores in its own protection domain; and observing user inputs into the host app.