A Fait Accompli? An Empirical Study into the Absence of Consent to
Third-Party Tracking in Android Apps
- URL: http://arxiv.org/abs/2106.09407v2
- Date: Fri, 18 Jun 2021 07:00:40 GMT
- Title: A Fait Accompli? An Empirical Study into the Absence of Consent to
Third-Party Tracking in Android Apps
- Authors: Konrad Kollnig, Reuben Binns, Pierre Dewitte, Max Van Kleek, Ge Wang,
Daniel Omeiza, Helena Webb, Nigel Shadbolt
- Abstract summary: Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices.
This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent.
This paper investigates whether and to what extent consent is implemented in mobile apps.
- Score: 27.58278290929534
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Third-party tracking allows companies to collect users' behavioural data and
track their activity across digital devices. This can put deep insights into
users' private lives into the hands of strangers, and often happens without
users' awareness or explicit consent. EU and UK data protection law, however,
requires consent, both 1) to access and store information on users' devices and
2) to legitimate the processing of personal data as part of third-party
tracking, as we analyse in this paper.
This paper further investigates whether and to what extent consent is
implemented in mobile apps. First, we analyse a representative sample of apps
from the Google Play Store. We find that most apps engage in third-party
tracking, but few obtained consent before doing so, indicating potentially
widespread violations of EU and UK privacy law. Second, we examine the most
common third-party tracking libraries in detail. While most acknowledge that
they rely on app developers to obtain consent on their behalf, they typically
fail to put in place robust measures to ensure this: disclosure of consent
requirements is limited; default consent implementations are lacking; and
compliance guidance is difficult to find, hard to read, and poorly maintained.
Related papers
- Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies.
This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
arXiv Detail & Related papers (2024-11-18T20:32:31Z) - A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development.
This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information.
Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z) - Are LLM-based methods good enough for detecting unfair terms of service? [67.49487557224415]
Large language models (LLMs) are good at parsing long text-based documents.
We build a dataset consisting of 12 questions applied individually to a set of privacy policies.
Some open-source models are able to provide a higher accuracy compared to some commercial models.
arXiv Detail & Related papers (2024-08-24T09:26:59Z) - Privacy Policies and Consent Management Platforms: Growth and Users'
Interactions over Time [4.356242302111725]
Consent platforms (CMPs) have emerged as practical solutions to make it easier for website administrators to manage user consent.
This paper presents a detailed analysis of the evolution of CMPs spanning nine years.
We observe how even small changes in the design of Privacy Banners have a critical impact on the user's giving or denying their consent to data collection.
arXiv Detail & Related papers (2024-02-28T13:36:27Z) - Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning.
By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z) - Priorities for more effective tech regulation [3.8073142980733]
Report proposes a range of priorities for regulators, academia and the interested public in order to move beyond the status quo.
Current legal practice will not be enough to meaningfully tame egregious data practices.
arXiv Detail & Related papers (2023-02-27T16:53:05Z) - Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy
Labels [25.30364629335751]
Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels.
This paper addresses the impact of these changes on individual privacy and control by analysing two versions of 1,759 iOS apps from the UK App Store.
We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring.
arXiv Detail & Related papers (2022-04-07T16:32:58Z) - Second layer data governance for permissioned blockchains: the privacy
management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z) - BeeTrace: A Unified Platform for Secure Contact Tracing that Breaks Data
Silos [73.84437456144994]
Contact tracing is an important method to control the spread of an infectious disease such as COVID-19.
Current solutions do not utilize the huge volume of data stored in business databases and individual digital devices.
We propose BeeTrace, a unified platform that breaks data silos and deploys state-of-the-art cryptographic protocols to guarantee privacy goals.
arXiv Detail & Related papers (2020-07-05T10:33:45Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z) - Decentralized is not risk-free: Understanding public perceptions of
privacy-utility trade-offs in COVID-19 contact-tracing apps [13.240901989243104]
We present a survey study that examined people's willingness to install six different contact-tracing apps.
We found that the majority of people in our sample preferred to install apps that use a centralized server for contact tracing.
We also found that the majority of our sample preferred to install apps that share diagnosed users' recent locations in public places to show hotspots of infection.
arXiv Detail & Related papers (2020-05-25T07:50:51Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.