From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android

• URL: http://arxiv.org/abs/2407.14938v2
• Date: Mon, 16 Sep 2024 14:53:06 GMT
• Title: From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android
• Authors: Sebastian Zimmeck, Nishant Aggarwal, Zachary Liu, Konrad Kollnig,
• Abstract summary: The California Consumer Privacy Act (CCPA) gives user an opt-out right via Global Privacy Control (GPC) Our analysis shows that neither the AdID setting nor GPC effectively prevents the selling and sharing of personal information in California. To mitigate this shortcoming, Android's AdID setting should be evolved towards a universal GPC setting.
• Score: 2.8436446946726557
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Apps and their integrated third-party libraries often collect personal information from Android users for personalizing ads. This practice can be privacy-invasive. Users can limit ad tracking on Android via the AdID setting; further, the California Consumer Privacy Act (CCPA) gives user an opt-out right via Global Privacy Control (GPC). However, neither of these two privacy controls have been studied before as to whether they help Android users exercise their legally mandated opt-out right. In response, we evaluate how many Android apps are subject to the CCPA opt-out right and find it applicable to approximately 70% of apps on the top free app lists of the US Google Play Store. Our dynamic analysis of 1,811 apps from these lists shows that neither the AdID setting nor GPC effectively prevents the selling and sharing of personal information in California. For example, when disabling the AdID and sending GPC signals to the most common ad tracking domain in our dataset that implements the US Privacy String, only 4% of apps connecting to the domain indicate the opt-out status. To mitigate this shortcoming, Android's AdID setting should be evolved towards a universal GPC setting as part of Google's Privacy Sandbox.

Related papers

• A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
  Third-party Software Development Kits (SDKs) are widely adopted in Android app development. This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information. Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
  arXiv  Detail & Related papers  (2024-09-16T15:44:43Z)
• PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
  PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories. We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds. State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
  arXiv  Detail & Related papers  (2024-08-29T17:58:38Z)
• Mind the Privacy Unit! User-Level Differential Privacy for Language Model Fine-Tuning [62.224804688233]
  differential privacy (DP) offers a promising solution by ensuring models are 'almost indistinguishable' with or without any particular privacy unit. We study user-level DP motivated by applications where it necessary to ensure uniform privacy protection across users.
  arXiv  Detail & Related papers  (2024-06-20T13:54:32Z)
• The Privacy-Value-App Relationship and the Value-Centered Privacy Assistant [3.885316081594592]
  We aim to better understand the relationship between our values, our privacy preferences, and our app choices. We explore the effectiveness of a smartphone value-centered privacy assistant (VcPA) at promoting value-centered app selection.
  arXiv  Detail & Related papers  (2023-08-10T17:04:12Z)
• Is It a Trap? A Large-scale Empirical Study And Comprehensive Assessment of Online Automated Privacy Policy Generators for Mobile Apps [15.181098379077344]
  Automated Privacy Policy Generators can create privacy policies for mobile apps. Nearly 20.1% of privacy policies could be generated by existing APPGs. App developers must carefully select and use the appropriate APPGs to avoid potential pitfalls.
  arXiv  Detail & Related papers  (2023-05-05T04:08:18Z)
• Privacy Explanations - A Means to End-User Trust [64.7066037969487]
  We looked into how explainability might help to tackle this problem. We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required. Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
  arXiv  Detail & Related papers  (2022-10-18T09:30:37Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps [25.30364629335751]
  We present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. Third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law.
  arXiv  Detail & Related papers  (2021-09-28T13:40:32Z)
• Private Reinforcement Learning with PAC and Regret Guarantees [69.4202374491817]
  We design privacy preserving exploration policies for episodic reinforcement learning (RL) We first provide a meaningful privacy formulation using the notion of joint differential privacy (JDP) We then develop a private optimism-based learning algorithm that simultaneously achieves strong PAC and regret bounds, and enjoys a JDP guarantee.
  arXiv  Detail & Related papers  (2020-09-18T20:18:35Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.