2019, Proceedings on Privacy Enhancing Technologies
The app economy is largely reliant on data collection as its primary revenue model. To comply with legal requirements, app developers are often obligated to notify users of their privacy practices in privacy policies. However, prior research has suggested that many developers are not accurately disclosing their apps’ privacy practices. Evaluating discrepancies between apps’ code and privacy policies enables the identification of potential compliance issues. In this study, we introduce the Mobile App Privacy System (MAPS) for conducting an extensive privacy census of Android apps. We designed a pipeline for retrieving and analyzing large app populations based on code analysis and machine learning techniques. In its first application, we conduct a privacy evaluation for a set of 1,035,853 Android apps from the Google Play Store. We find broad evidence of potential non-compliance. Many apps do not have a privacy policy to begin with. Policies that do exist are often silent on the pract...
Proceedings 2017 Network and Distributed System Security Symposium, 2017
Mobile apps have to satisfy various privacy requirements. Notably, app publishers are often obligated to provide a privacy policy and notify users of their apps' privacy practices. But how can a user tell whether an app behaves as its policy promises? In this study we introduce a scalable system to help analyze and predict Android apps' compliance with privacy requirements. We discuss how we customized our system in a collaboration with the California Office of the Attorney General. Beyond its use by regulators and activists our system is also meant to assist app publishers and app store owners in their internal assessments of privacy requirement compliance. Our analysis of 17,991 free Android apps shows the viability of combining machine learning-based privacy policy analysis with static code analysis of apps. Results suggest that 71% of apps that lack a privacy policy should have one. Also, for 9,050 apps that have a policy, we find many instances of potential inconsistencies between what the app policy seems to state and what the code of the app appears to do. In particular, as many as 41% of these apps could be collecting location information and 17% could be sharing such with third parties without disclosing so in their policies. Overall, each app exhibits a mean of 1.83 potential privacy requirement inconsistencies.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2022
Contemporary mobile applications (apps) are designed to track, use, and share users' data, often without their consent, which results in potential privacy and transparency issues. To investigate whether mobile apps have always been (non-)transparent regarding how they collect information about users, we perform a longitudinal analysis of the historical versions of 268 Android apps. These apps comprise 5,240 app releases or versions between 2008 and 2016. We detect inconsistencies between apps' behaviors and the stated use of data collection in privacy policies to reveal compliance issues. We utilize machine learning techniques for the classification of the privacy policy text to identify the purported practices that collect and/or share users' personal information, such as phone numbers and email addresses. We then uncover the data leaks of an app through static and dynamic analysis. Over time, our results show a steady increase in the number of apps' data collection practices that are undisclosed in the privacy policies. This behavior is particularly troubling since the privacy policy is the primary tool for describing the app's privacy protection practices. We find that newer versions of the apps are likely to be more non-compliant than their preceding versions. The discrepancies between the purported and the actual data practices show that privacy policies are often incoherent with the apps' behaviors, thus defying the 'notice and choice' principle when users install apps.
Proceedings of the 9th IEEE/ACM International Conference on Mobile Software Engineering and Systems
Privacy labels provide an easy and recognizable overview of data collection practices adopted by mobile app developers. Specifically, on the Apple App Store, privacy labels are displayed on each mobile app's page and summarize what data is collected by the app, how it is used, and for what purposes it is needed. Starting from the release of iOS version 14.3, developers are required to provide privacy labels for their applications. We conducted a large-scale empirical study, collecting and analyzing the privacy labels of 17,312 apps published on the App Store, to understand and characterize how sensitive data is collected and shared. The results of our analysis highlight important criticalities about the collection and sharing of personal data for tracking purposes. In particular, on average free applications collect more sensitive data, the majority of data is collected in an unanonymized form, and a wide range of sensitive information is collected for tracking purposes. The analysis also provides evidence to support the decision-making of users, platform maintainers, and regulators. Furthermore, we repeated the data collection and analysis after seven months, following the introduction of additional run-time tracking controls by Apple. Comparing the two datasets, we observed that the newly introduced measures resulted in a statistically significant decrease in the number of apps that collect data for tracking purposes. At the same time, we observed a growth in overall data collection.
Proceedings 2021 Network and Distributed System Security Symposium
Various privacy laws require mobile apps to have privacy policies. Questionnaire-based policy generators are intended to help developers with the task of policy creation. However, generated policies depend on the generators' designs as well as developers' abilities to correctly answer privacy questions on their apps. In this study we show that policies generated with popular policy generators are often not reflective of apps' privacy practices. We believe that policy generation can be improved by supplementing the questionnaire-based approach with code analysis. We design and implement PrivacyFlash Pro, a privacy policy generator for iOS apps that leverages static analysis. PrivacyFlash Pro identifies code signatures, composed of Plist permission strings, framework imports, class instantiations, authorization methods, and other evidence, that are mapped to privacy practices expressed in privacy policies. Resources from package managers are used to identify libraries. We tested PrivacyFlash Pro in a usability study with 40 iOS app developers and received promising results both in terms of reliably identifying apps' privacy practices as well as on its usability. We measured an F-1 score of 0.95 for identifying permission uses. 24 of 40 developers rated PrivacyFlash Pro with at least 9 points on a scale of 0 to 10 for a Net Promoter Score of 42.5. The mean System Usability Score of 83.4 is close to excellent. We provide PrivacyFlash Pro as an open source project to the iOS developer community. In principle, our approach is platform-agnostic and adaptable to the Android and web platforms as well. To increase privacy transparency and reduce compliance issues we make the case for privacy policies as software development artifacts. Privacy policy creation should become a native extension of the software development process and adhere to the mental model of software developers.
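The three abstracts above (the 2017 NDSS system, the 2022 longitudinal study, and PrivacyFlash Pro) all rest on the same check: map evidence found in the code to a privacy practice, classify what the policy text discloses, and report the difference. The following is an added example written for this page, not code from any of those projects. It replaces their trained policy classifiers with keyword patterns, and the evidence table (Android permission names and iOS Info.plist usage-description keys), the practice names, the patterns and the sample inputs are all assumptions chosen for illustration.

```python
import re

# Assumed mapping from code-level evidence to a privacy practice. Android
# manifest permissions and iOS Info.plist usage-description keys are mixed in
# one table because the check is the same on both platforms.
EVIDENCE_TO_PRACTICE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_PHONE_STATE": "device_identifier",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "NSLocationWhenInUseUsageDescription": "location",
    "NSLocationAlwaysAndWhenInUseUsageDescription": "location",
    "NSContactsUsageDescription": "contacts",
    "NSCameraUsageDescription": "camera",
    "NSMicrophoneUsageDescription": "microphone",
}

# Keyword patterns standing in for the ML policy classifier (assumption).
PRACTICE_PATTERNS = {
    "location": re.compile(r"\b(location|geolocation|gps|whereabouts)\b", re.I),
    "contacts": re.compile(r"\b(contacts?|address book)\b", re.I),
    "device_identifier": re.compile(r"\b(imei|device id(entifier)?|advertising id)\b", re.I),
    "camera": re.compile(r"\b(camera|photos?)\b", re.I),
    "microphone": re.compile(r"\b(microphone|audio|voice)\b", re.I),
}


def practices_from_code(evidence):
    """Practices implied by the evidence identifiers found in the app's code/manifest."""
    return {EVIDENCE_TO_PRACTICE[e] for e in evidence if e in EVIDENCE_TO_PRACTICE}


def practices_from_policy(policy_text):
    """Practices the policy text mentions at all (keyword stand-in for a classifier)."""
    return {name for name, pat in PRACTICE_PATTERNS.items() if pat.search(policy_text)}


def undisclosed_practices(evidence, policy_text):
    """Sorted list of practices the code appears to perform but the policy never mentions.
    An empty policy (no policy at all) makes every code practice undisclosed."""
    return sorted(practices_from_code(evidence) - practices_from_policy(policy_text))


# Constructed sample: an Android app requesting location, contacts and phone
# state, whose policy only talks about location.
SAMPLE_EVIDENCE = [
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
]
SAMPLE_POLICY = "We collect your precise location to show nearby stores. We never sell data."

if __name__ == "__main__":
    print(undisclosed_practices(SAMPLE_EVIDENCE, SAMPLE_POLICY))
```

Two caveats a practitioner would add before relying on this: a keyword hit only shows the policy talks about a practice, not that it admits to it (a sentence such as "we do not collect your location" would count as disclosure here, which is exactly why the papers use trained classifiers), and a permission in the manifest shows capability, not use, so a flagged practice is a candidate inconsistency to confirm by static or dynamic analysis, as the abstracts describe.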
2018
Mobile app providers have access to, and gather, large amounts of personal data. The exact data varies by app provider and is described in lengthy privacy policies with varying levels of transparency. Privacy policies with a low level of transparency hamper users from making educated decisions about the data that they want to share with third parties. In this paper, the Privacy Policy Benchmark Model is presented based on existing literature and applied to a selection of 20 mobile applications and their privacy policies. The Privacy Policy Benchmark Model is used for evaluating the transparency and quantity of data that is collected. The model consists of two aspects: the amount of data mobile app providers collect and the transparency of those privacy policies. The examined providers are transparent about what they collect and how they use it. They are less transparent about other topics such as the location of the stored information and how information is processed after removal,...
2020
The utilisation of personal data by mobile apps is often hidden behind vague Privacy Policy documents, which are typically lengthy, difficult to read (containing legal terms and definitions) and frequently changing. This paper discusses a suite of tools developed in the context of the CAP-A project, aiming to harness the collective power of users to improve their privacy awareness and to promote privacy-friendly behaviour by mobile apps. Through crowdsourcing techniques, users can evaluate the privacy friendliness of apps, annotate and understand Privacy Policy documents, and help other users become aware of privacy-related aspects of mobile apps and their implications, whereas developers and policy makers can identify trends and the general stance of the public in privacy-related matters. The tools are available for public use in: https://cap-a.eu/tools/.
With the advent of smartphones, the mobile application industry is becoming one of the fastest growing industries today. Every now and then, we hear about a new app being launched. However, besides providing you with information like news, fun and amusement services, they can also seize your privacy. One of the most common examples of this trend is asking permission from users when they are seeking to download those apps. Many studies have suggested that users don't care much while giving permissions to these apps. The main purpose of our research is to know the main reason for these permission requests by analyzing your app's traffic and how they collect sensitive information such as your phone's IMEI number or location for advertisement, tracking, or analytical purposes. To address this issue, we have developed Network Privacy Monitor (NPM), a tool for active network monitoring with context-aware network filtering capabilities. With this tool, a user can block any app that utilizes personal or confidential data for a specified context. Our work is a small contribution towards strengthening the existing Android security framework.
Our personal information, habits, likes and dislikes can all be deduced from our mobile devices. Safeguarding mobile privacy is therefore of great concern. Transparency and individual control are bedrock principles of privacy, but making informed choices about which mobile apps to use has been shown to be difficult. In order to understand the dynamics of information collection in mobile apps and to demonstrate the value of transparent access to the details of mobile applications' information access permissions, we have gathered information about 528,433 apps on Google Play, and analyzed the permissions requested by each app. We develop a quantitative measure of the risk posed by apps by devising a 'sensitivity score' to represent the number of occurrences of permissions that read personal information about users where network communication is possible. We found that 54% of apps do not access any personal data. The remaining 46% collect between 1 and 20 sensitive permissions and have th...
2019
While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only being granted a list of permissions during the installation process. Additionally, most users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of an app's safety mostly relies on features like rating and popularity, rather than on understanding the context of the listed permissions. In this paper we investigate the relationship between the features collected from Android Market API 23 (such as Popularity, Total Number of Permissions, Number of Dangerous Permissions, Rating and Package Size) and an app's privacy violation. To show the influence of each feature we use linear regression and R squared statistics. The conducted research can contribute to the classification of mobile applications with regards to the threat on user's privacy.
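Both the 'sensitivity score' study and the API 23 feature study above start from the same raw material: the permissions declared in an app's AndroidManifest.xml, counted in total, counted as dangerous, and (for the sensitivity score) counted only when the app also holds network access. The block below is an added example for this page, not either paper's code. The set of personal-data permissions is an assumption (neither abstract lists the exact set used), the sample manifests are constructed, and the score follows the definition quoted in the abstract: personal-data permissions are counted only when android.permission.INTERNET is also requested.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
NETWORK_PERMISSION = "android.permission.INTERNET"

# Assumed subset of Android's dangerous permissions that read personal data.
PERSONAL_DATA_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALENDAR",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.GET_ACCOUNTS",
}


def requested_permissions(manifest_xml):
    """All permission names declared via <uses-permission> or <uses-permission-sdk-23>."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(NAME_ATTR)
            if name:
                perms.add(name)
    return perms


def dangerous_permission_count(perms):
    """Feature 'Number of Dangerous Permissions' from the API 23 study (assumed set)."""
    return len(perms & PERSONAL_DATA_PERMISSIONS)


def sensitivity_score(perms):
    """Personal-data permissions, counted only when network communication is possible.
    Without INTERNET the data cannot leave the device over the network, so the score is 0."""
    if NETWORK_PERMISSION not in perms:
        return 0
    return dangerous_permission_count(perms)


def manifest_features(manifest_xml):
    """Total permissions, dangerous permissions and sensitivity score for one manifest."""
    perms = requested_permissions(manifest_xml)
    return {
        "total": len(perms),
        "dangerous": dangerous_permission_count(perms),
        "sensitivity": sensitivity_score(perms),
    }


# Constructed sample manifests (not real apps).
NETWORKED_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.networked">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

OFFLINE_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.offline">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    print(manifest_features(NETWORKED_APP))
    print(manifest_features(OFFLINE_APP))
```

On a real APK the manifest is binary XML; decode it first (for example with apktool or aapt2 dump) and feed the decoded text to requested_permissions. The INTERNET gate is the point worth noticing: the offline app declares two personal-data permissions but scores 0, while the networked app scores 2, which is the difference between data an app can read and data it can plausibly exfiltrate.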
Proceedings on Privacy Enhancing Technologies
It is commonly assumed that "free" mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one third-party library or danger...
Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications, 2016
One aspect of privacy that has not been well explored is privacy for children. We present the design and evaluation of a machine learning model for predicting whether a mobile app is designed for children, which is an important step in helping to enforce the Children's Online Privacy Protection Act (COPPA). We evaluated our model on 1,728 apps from Google Play and achieved 95% accuracy. We also applied our model on a set of nearly 1 million free apps from Google Play, and identified almost 68,000 apps for kids. We then conducted a privacy analysis of the usage of third-party libraries for each app, which can help us understand some of the app's privacy-related behaviors. We believe this list can serve as a good starting point for further fine-grained privacy analysis on mobile apps for children.
arXiv (Cornell University), 2023
Google has mandated developers to use Data Safety Sections (DSS) to increase transparency in data collection and sharing practices. In this paper, we present a comprehensive analysis of Google's Data Safety Section (DSS) using both quantitative and qualitative methods. We conduct the first large-scale measurement study of DSS using apps from the Android Play store (n=1.1M). We find that there are internal inconsistencies within the reported practices. We also find trends of both over- and under-reporting practices in the DSSs. Next, we conduct a longitudinal study of DSS to explore how the reported practices evolve over time, and find that the developers are still adjusting their practices. To contextualize these findings, we conduct a developer study, uncovering the process that app developers undergo when working with DSS. We highlight the challenges faced and strategies employed by developers for DSS submission, and the factors contributing to changes in the DSS. Our research contributes valuable insights into the complexities of implementing and maintaining privacy labels, underlining the need for better resources, tools, and guidelines to aid developers. This understanding is crucial as the accuracy and reliability of privacy labels directly impact their effectiveness.
2011
The rapid growth of mobile applications has imposed new threats to privacy: users often find it challenging to ensure that their privacy policies are consistent with the requirements of a diverse range of mobile applications that access personal information under different contexts. This problem is exacerbated when applications depend on each other and therefore share permissions to access resources in ways that are opaque to an end-user.
2013
Users are increasingly expected to manage a wide range of security and privacy settings. An important example of this trend is the variety of permissions users might be called upon to review when they download mobile apps. Experiments have shown that most users struggle with reviewing these permissions. Earlier research efforts in this area have primarily focused on protecting users' privacy and security through the development of analysis tools and extensions intended to further increase the level of control provided to users, with little regard for human factor considerations.
2020
Consumers are largely unaware regarding the use being made of the data that they generate through smart devices, or their GDPR compliance, since such information is typically hidden behind vague privacy policy documents, which are often lengthy, difficult to read (containing legal terms and definitions) and frequently changing. This paper describes the activities of the CAP-A project, whose aim is to apply crowdsourcing techniques to evaluate the privacy friendliness of apps, and to allow users to better understand the content of Privacy Policy documents and, consequently, the privacy implications of using any given mobile app. To achieve this, we developed a set of tools that aim at assisting users to express their own privacy concerns and expectations and assess the mobile apps' privacy properties through collective intelligence.
Appl. Sci., 2019
Android offers millions of apps on the Google Play Store, released by application publishers. However, those publishers have a parent organization and share information with it. Through the 'Android permission system', a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earning revenue for the organizations. Similarly, aggregation of Android app permissions by the app-owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google Play application programming interface (API)-assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.
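The threat model in the abstract above is that no single app needs to look alarming: an owner that reaches the user through several publishers and apps can union their permissions into a profile. The block below is an added example for this page, not the paper's web app. It takes an inventory of (owner, publisher, app, permissions) rows, which a reader would populate from the Play Store listing and the decoded manifests, and computes two things: the data attributes each owner can collect across all of its apps, and the attributes it obtains only by combining apps, i.e. beyond what its single most revealing app exposes. The permission-to-attribute mapping and the inventory are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed mapping from a permission to the profile attribute it exposes; the
# attribute names follow the data categories listed in the abstract.
PERMISSION_TO_ATTRIBUTE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "social_graph",
    "android.permission.READ_PHONE_STATE": "unique_id",
    "android.permission.GET_ACCOUNTS": "email",
    "android.permission.USE_BIOMETRIC": "biometric_id",
    "android.permission.READ_CALENDAR": "human_behavior",
}

# Constructed inventory: (owner, publisher, package, permissions). Owner A
# reaches the user through two publishers; neither app alone has the full profile.
INVENTORY = [
    ("OwnerA", "PublisherA1", "com.a.maps",
     {"android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION"}),
    ("OwnerA", "PublisherA2", "com.a.messenger",
     {"android.permission.INTERNET", "android.permission.READ_CONTACTS",
      "android.permission.READ_PHONE_STATE"}),
    ("OwnerA", "PublisherA2", "com.a.wallet",
     {"android.permission.USE_BIOMETRIC", "android.permission.READ_PHONE_STATE"}),
    ("OwnerB", "PublisherB1", "com.b.notes",
     {"android.permission.READ_CALENDAR"}),
]


def attributes_exposed(perms):
    """Profile attributes a single permission set reveals (unmapped permissions ignored)."""
    return {PERMISSION_TO_ATTRIBUTE[p] for p in perms if p in PERMISSION_TO_ATTRIBUTE}


def attributes_by_owner(inventory):
    """Union of attributes an owner collects across every app of every publisher it controls."""
    agg = defaultdict(set)
    for owner, _publisher, _package, perms in inventory:
        agg[owner] |= attributes_exposed(perms)
    return dict(agg)


def aggregation_gain(inventory):
    """Attributes an owner gets only by combining apps: the owner-level union minus the
    attributes of its single most revealing app. Empty means aggregation adds nothing."""
    per_owner = defaultdict(list)
    for owner, _publisher, _package, perms in inventory:
        per_owner[owner].append(attributes_exposed(perms))
    gain = {}
    for owner, app_sets in per_owner.items():
        union = set().union(*app_sets)
        most_revealing = max(app_sets, key=len)
        gain[owner] = union - most_revealing
    return gain


def publishers_per_owner(inventory):
    """How many distinct publisher identities each owner uses (how spread out the collection is)."""
    pubs = defaultdict(set)
    for owner, publisher, _package, _perms in inventory:
        pubs[owner].add(publisher)
    return {owner: len(p) for owner, p in pubs.items()}


if __name__ == "__main__":
    print(attributes_by_owner(INVENTORY))
    print(aggregation_gain(INVENTORY))
    print(publishers_per_owner(INVENTORY))
```

The number to watch is aggregation_gain: for Owner A it is location plus biometric ID, attributes that a per-app review would see only in isolation, which is why the abstract argues for tracking permissions at the owner level rather than per app.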
Journal of Computer and Communications, 2019
Home users are using a wide and increasing range of different technologies, devices, platforms, applications and services every day. In parallel, home users are also installing and using an enormous number of apps, which collect and share a large amount of data. Users are also often unaware of what information apps collect about them, which is really valuable and sensitive for them. Therefore, users are becoming increasingly concerned about their personal information that is stored in these apps. While most mobile operating systems such as Android and iOS provide some privacy safeguards for users, it is unrealistic to manage and control a large volume of data. Accordingly, there is a need for a new technique, which has the ability to predict many of a user's mobile app privacy preferences. A major contribution of this work is to utilise different machine learning techniques for assigning users to the privacy profiles that most closely capture their privacy preferences. Applying privacy profiles as default settings for initial interfaces could significantly reduce the burden and frustration of the user. The result shows that it's possible to reduce the user's burden from 46 to 10 questions by achieving 86% accuracy, which indicates that it's possible to predict many of a user's mobile app privacy preferences by asking the user a small number of questions.
2011
Users of Web and mobile apps must often decide whether to give the apps access to personal information without knowing what they will do with it. We argue that users could better manage their privacy and privacy standards would rise if the operating system simply revealed to users how their apps spread personal information. However, for this strategy to be effective, the research community must go well beyond today's low-level monitoring techniques to develop predictive, user-facing descriptions of information exposure that are grounded in measurement and analysis.
As the adoption of smartphones continues to surge all over the world, mobile apps have become a tool of greater significance, offering free access to everything ranging from social networking sites and emails to online banking transactions and ticket reservations. In any case, even free applications can include potential tradeoffs with regard to allowing access to private information of their users. This pattern has brought about expanding worries over the malicious nature of these apps and the security threats that these apps impose on their users. In this paper, we analyze the mobile apps privacy framework and its loopholes, and survey the proposed tools and frameworks which primarily focus on the effect of sensitive data leakage and the privacy risks involved with it.