Before and after China's new Data Laws: Privacy in Apps
- URL: http://arxiv.org/abs/2302.13585v3
- Date: Thu, 2 Mar 2023 10:04:14 GMT
- Title: Before and after China's new Data Laws: Privacy in Apps
- Authors: Konrad Kollnig and Lu Zhang and Jun Zhao and Nigel Shadbolt
- Abstract summary: China introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021.
This paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021.
- Score: 19.522100625844413
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Privacy in apps is a topic of widespread interest because many apps collect
and share large amounts of highly sensitive information. In response, China
introduced a range of new data protection laws over recent years, notably the
Personal Information Protection Law (PIPL) in 2021. So far, there exists
limited research on the impacts of these new laws on apps' privacy practices.
To address this gap, this paper analyses data collection in pairs of 634
Chinese iOS apps, one version from early 2020 and one from late 2021. Our work
finds that many more apps now implement consent. Yet, those end-users that
decline consent will often be forced to exit the app. Fewer apps now collect
data without consent but many still integrate tracking libraries. We see our
findings as characteristic of a first iteration at Chinese data regulation with
room for improvement.
Related papers
- SoK: The Gap Between Data Rights Ideals and Reality [46.14715472341707]
Do rights-based privacy laws effectively empower individuals over their data?
This paper scrutinizes these approaches by reviewing empirical studies, news articles, and blog posts.
arXiv Detail & Related papers (2023-12-03T21:52:51Z) - ATLAS: Automatically Detecting Discrepancies Between Privacy Policies
and Privacy Labels [2.457872341625575]
We introduce the Automated Privacy Label Analysis System (ATLAS)
ATLAS identifies possible discrepancies between mobile app privacy policies and their privacy labels.
We find that, on average, apps have 5.32 such potential compliance issues.
arXiv Detail & Related papers (2023-05-24T05:27:22Z) - Priorities for more effective tech regulation [3.8073142980733]
Report proposes a range of priorities for regulators, academia and the interested public in order to move beyond the status quo.
Current legal practice will not be enough to meaningfully tame egregious data practices.
arXiv Detail & Related papers (2023-02-27T16:53:05Z) - Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy
Labels [25.30364629335751]
Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels.
This paper addresses the impact of these changes on individual privacy and control by analysing two versions of 1,759 iOS apps from the UK App Store.
We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring.
arXiv Detail & Related papers (2022-04-07T16:32:58Z) - Analysis of Longitudinal Changes in Privacy Behavior of Android
Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z) - Tracking in apps' privacy policies [3.8073142980733]
We analysed privacy policies from 26,910 mobile apps in May 2019.
52 developers of apps did not provide privacy policy and asked them about data practices.
Despite being legally required to answer such queries, 12 developers (23%) failed to respond.
arXiv Detail & Related papers (2021-11-15T16:03:59Z) - Robbing the Fed: Directly Obtaining Private Data in Federated Learning
with Modified Models [56.0250919557652]
Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency.
Previous attacks on user privacy have been limited in scope and do not scale to gradient updates aggregated over even a handful of data points.
We introduce a new threat model based on minimal but malicious modifications of the shared model architecture.
arXiv Detail & Related papers (2021-10-25T15:52:06Z) - Emerging App Issue Identification via Online Joint Sentiment-Topic
Tracing [66.57888248681303]
We propose a novel emerging issue detection approach named MERIT.
Based on the AOBST model, we infer the topics negatively reflected in user reviews for one app version.
Experiments on popular apps from Google Play and Apple's App Store demonstrate the effectiveness of MERIT.
arXiv Detail & Related papers (2020-08-23T06:34:05Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z) - Beyond privacy regulations: an ethical approach to data usage in
transportation [64.86110095869176]
We describe how Federated Machine Learning can be applied to the transportation sector.
We see Federated Learning as a method that enables us to process privacy-sensitive data, while respecting customer's privacy.
arXiv Detail & Related papers (2020-04-01T15:10:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.