Related papers: From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android

From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android

URL: http://arxiv.org/abs/2407.14938v2
Date: Mon, 16 Sep 2024 14:53:06 GMT
Title: From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android
Authors: Sebastian Zimmeck, Nishant Aggarwal, Zachary Liu, Konrad Kollnig,
Abstract summary: The California Consumer Privacy Act (CCPA) gives user an opt-out right via Global Privacy Control (GPC) Our analysis shows that neither the AdID setting nor GPC effectively prevents the selling and sharing of personal information in California. To mitigate this shortcoming, Android's AdID setting should be evolved towards a universal GPC setting.
Score: 2.8436446946726557
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Apps and their integrated third-party libraries often collect personal information from Android users for personalizing ads. This practice can be privacy-invasive. Users can limit ad tracking on Android via the AdID setting; further, the California Consumer Privacy Act (CCPA) gives user an opt-out right via Global Privacy Control (GPC). However, neither of these two privacy controls have been studied before as to whether they help Android users exercise their legally mandated opt-out right. In response, we evaluate how many Android apps are subject to the CCPA opt-out right and find it applicable to approximately 70% of apps on the top free app lists of the US Google Play Store. Our dynamic analysis of 1,811 apps from these lists shows that neither the AdID setting nor GPC effectively prevents the selling and sharing of personal information in California. For example, when disabling the AdID and sending GPC signals to the most common ad tracking domain in our dataset that implements the US Privacy String, only 4% of apps connecting to the domain indicate the opt-out status. To mitigate this shortcoming, Android's AdID setting should be evolved towards a universal GPC setting as part of Google's Privacy Sandbox.

Related papers

A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development. This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information. Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z)
Why am I Still Seeing This: Measuring the Effectiveness Of Ad Controls and Explanations in AI-Mediated Ad Targeting Systems [55.02903075972816]
We evaluate the effectiveness of Meta's "See less" ad control and the actionability of ad targeting explanations following the shift to AI-mediated targeting. We find that utilizing the "See less" ad control for the topics we study does not significantly reduce the number of ads shown by Meta on these topics. We find that the majority of ad targeting explanations for local ads made no reference to location-specific targeting criteria.
arXiv Detail & Related papers (2024-08-21T18:03:11Z)
Privacy Policies and Consent Management Platforms: Growth and Users' Interactions over Time [4.356242302111725]
Consent platforms (CMPs) have emerged as practical solutions to make it easier for website administrators to manage user consent. This paper presents a detailed analysis of the evolution of CMPs spanning nine years. We observe how even small changes in the design of Privacy Banners have a critical impact on the user's giving or denying their consent to data collection.
arXiv Detail & Related papers (2024-02-28T13:36:27Z)
Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z)
Privacy Explanations - A Means to End-User Trust [64.7066037969487]
We looked into how explainability might help to tackle this problem. We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required. Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
arXiv Detail & Related papers (2022-10-18T09:30:37Z)
Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels [25.30364629335751]
Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels. This paper addresses the impact of these changes on individual privacy and control by analysing two versions of 1,759 iOS apps from the UK App Store. We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring.
arXiv Detail & Related papers (2022-04-07T16:32:58Z)
Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)
Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps [25.30364629335751]
We present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. Third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law.
arXiv Detail & Related papers (2021-09-28T13:40:32Z)
A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps [27.58278290929534]
Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices. This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent. This paper investigates whether and to what extent consent is implemented in mobile apps.
arXiv Detail & Related papers (2021-06-17T11:44:49Z)
An Empirical Study of In-App Advertising Issues Based on Large Scale App Review Analysis [67.58267006314415]
We present a large-scale analysis on ad-related user feedback from App Store and Google Play. From a statistical analysis of 36,309 ad-related reviews, we find that users care most about the number of unique ads and ad display frequency during usage. Some ad issue types are addressed more quickly by developers than other ad issues.
arXiv Detail & Related papers (2020-08-22T05:38:24Z)
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.