Tracking in apps' privacy policies

• URL: http://arxiv.org/abs/2111.07860v2
• Date: Fri, 26 Nov 2021 08:59:17 GMT
• Title: Tracking in apps' privacy policies
• Authors: Konrad Kollnig
• Abstract summary: We analysed privacy policies from 26,910 mobile apps in May 2019. 52 developers of apps did not provide privacy policy and asked them about data practices. Despite being legally required to answer such queries, 12 developers (23%) failed to respond.
• Score: 3.8073142980733
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Data protection law, including the General Data Protection Regulation (GDPR), usually requires a privacy policy before data can be collected from individuals. We analysed 15,145 privacy policies from 26,910 mobile apps in May 2019 (about one year after the GDPR came into force), finding that only opening the policy webpages shares data with third-parties for 48.5% of policies, potentially violating the GDPR. We compare this data sharing across countries, payment models (free, in-app-purchases, paid) and platforms (Google Play Store, Apple App Store). We further contacted 52 developers of apps, which did not provide a privacy policy, and asked them about their data practices. Despite being legally required to answer such queries, 12 developers (23%) failed to respond.

Related papers

• RADS-Checker: Measuring Compliance with Right of Access by the Data Subject in Android Markets [5.598268459947247]
  The latest data protection regulations worldwide, such as the General Data Protection Regulation (RADS), have established the right to access personal data. RADS grants users the right to obtain a copy of their personal data from personal data controllers. There is currently no research systematically examining whether RADS has been effectively implemented in mobile apps.
  arXiv  Detail & Related papers  (2024-10-16T11:23:26Z)
• PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
  PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories. We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds. State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
  arXiv  Detail & Related papers  (2024-08-29T17:58:38Z)
• Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies [13.771909487087793]
  Apple introduced privacy labels in Dec. 2020 as a way for developers to report the privacy behaviors of their apps. While Apple does not validate labels, they also require developers to provide a privacy policy, which offers an important comparison point. We fine-tuned BERT-based language models to extract privacy policy features for 474,669 apps on the iOS App Store.
  arXiv  Detail & Related papers  (2023-06-29T16:10:18Z)
• ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels [2.457872341625575]
  We introduce the Automated Privacy Label Analysis System (ATLAS) ATLAS identifies possible discrepancies between mobile app privacy policies and their privacy labels. We find that, on average, apps have 5.32 such potential compliance issues.
  arXiv  Detail & Related papers  (2023-05-24T05:27:22Z)
• Is It a Trap? A Large-scale Empirical Study And Comprehensive Assessment of Online Automated Privacy Policy Generators for Mobile Apps [15.181098379077344]
  Automated Privacy Policy Generators can create privacy policies for mobile apps. Nearly 20.1% of privacy policies could be generated by existing APPGs. App developers must carefully select and use the appropriate APPGs to avoid potential pitfalls.
  arXiv  Detail & Related papers  (2023-05-05T04:08:18Z)
• Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
  We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
  arXiv  Detail & Related papers  (2023-04-06T05:20:16Z)
• Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA) [4.429726534947266]
  The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA. We compare the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies.
  arXiv  Detail & Related papers  (2023-04-03T13:02:49Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• A vision for global privacy bridges: Technical and legal measures for international data markets [77.34726150561087]
  Despite data protection laws and an acknowledged right to privacy, trading personal information has become a business equated with "trading oil" An open conflict is arising between business demands for data and a desire for privacy. We propose and test a vision of a personal information market with privacy.
  arXiv  Detail & Related papers  (2020-05-13T13:55:50Z)
• GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
  We examine more than 300 data controllers performing for each of them a request to access personal data. We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users. With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
  arXiv  Detail & Related papers  (2020-05-04T22:01:46Z)
• PGLP: Customizable and Rigorous Location Privacy through Policy Graph [68.3736286350014]
  We propose a new location privacy notion called PGLP, which provides a rich interface to release private locations with customizable and rigorous privacy guarantee. Specifically, we formalize a user's location privacy requirements using a textitlocation policy graph, which is expressive and customizable. Third, we design a private location trace release framework that pipelines the detection of location exposure, policy graph repair, and private trajectory release with customizable and rigorous location privacy.
  arXiv  Detail & Related papers  (2020-05-04T04:25:59Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.