This work investigates privacy characteristics of Android advertising libraries. Taking a sample of 114,000 apps, a network of simulated mobile devices, and 225,000 real life ad requests, Dr. Book extracts ad libraries and studies their use of sensitive data obtained from permission-protected Android API calls, internet APIs, and the users themselves. He records ad libraries' communication with internet hosts and finds that nearly all ads show the effects of application and time based targeting. 43% of ads show location targeting and 39% have evidence of user-based targeting. Surprisingly, he finds that 10% of ads are targeted based on their device's IP address, a practice which renders many privacy technologies inoperative, including web browser incognito mode. In sum, this work reveals how ad libraries make use of both the operating system and their host application to collect sensitive information about their users, and how they then use that information to target ads.