Beyond Permissions: An Empirical Static Analysis of Privacy and Security Risks in Children-Oriented and General-Audience Mobile Apps for Gaming

• URL: http://arxiv.org/abs/2602.10877v1
• Date: Wed, 11 Feb 2026 14:06:03 GMT
• Title: Beyond Permissions: An Empirical Static Analysis of Privacy and Security Risks in Children-Oriented and General-Audience Mobile Apps for Gaming
• Authors: Bakheet Aljedaani,
• Abstract summary: This study contributes a holistic static assessment of privacy exposure in mobile games.<n>It provides actionable insights for developers, platform providers, and researchers seeking to improve privacy-by-design practices in mobile applications.
• Score: 0.40611352512781873
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Mobile gaming applications (apps) have become increasingly pervasive, including a growing number of games designed for children. Despite their popularity, these apps often integrate complex analytics, advertising, and attribution infrastructures that may introduce privacy and security risks. Existing research has primarily focused on tracking behaviors or monetization models, leaving configuration-level privacy exposure and children-oriented apps underexplored. In this study, we conducted a comparative static analysis of Android mobile games to investigate privacy and security risks beyond permission usage. The analysis follows a three-phase methodology comprising (i) designing study protocol, (ii) Android Package Kit (APK) collection and static inspection, and (iii) data analysis. We examined permissions, manifest-level configuration properties (e.g., backup settings, cleartext network traffic, and exported components), and embedded third-party Software Development Kit (SDK) ecosystems across children-oriented and general-audience mobile games. The extracted indicators are synthesized into qualitative privacy-risk categories to support comparative reporting. The results showed that while children-oriented games often request fewer permissions, they frequently exhibit configuration-level risks and embed third-party tracking SDKs similar to general-audience games. Architectural and configuration decisions play a critical role in shaping privacy risks, particularly for apps targeting children. This study contributes a holistic static assessment of privacy exposure in mobile games and provides actionable insights for developers, platform providers, and researchers seeking to improve privacy-by-design practices in mobile applications.

Related papers

• mopri - An Analysis Framework for Unveiling Privacy Violations in Mobile Apps [0.24249102011714066]
  mopri is a conceptual framework designed for analyzing the behavior of mobile apps through a comprehensive, adaptable, and user-centered approach.<n>A prototype has been developed which effectively extracts permissions and tracking libraries while employing robust methods for dynamic traffic recording and decryption.
  arXiv  Detail & Related papers  (2026-02-03T15:52:31Z)
• SoK: Privacy Risks and Mitigations in Retrieval-Augmented Generation Systems [53.51921540246166]
  Retrieval-Augmented Generation (RAG) techniques have become widely popular.<n>RAG involves the coupling of Large Language Models (LLMs) with domain-specific knowledge bases.<n>The proliferation of RAG has sparked concerns about data privacy.
  arXiv  Detail & Related papers  (2026-01-07T14:50:41Z)
• A First Look at Privacy Risks of Android Task-executable Voice Assistant Applications [2.865294888425256]
  This paper presents a user-centric comprehensive empirical study on privacy risks in Android task-executable VA applications.<n>We cross-check their privacy declarations across six sources, including privacy labels, policies, and manifest files.<n>We uncover three significant privacy threat models: (1) privacy misdisclosure in mega apps, where integrated mini apps such as Alexa skills are inadequately represented; (2) privilege escalation via inter-application interactions, which exploit Android's communication mechanisms to bypass user consent; and (3) abuse of Google system applications, enabling apps to evade the declaration of dangerous permissions.
  arXiv  Detail & Related papers  (2025-09-28T06:47:06Z)
• Bridging the Mobile Trust Gap: A Zero Trust Framework for Consumer-Facing Applications [51.56484100374058]
  This paper proposes an extended Zero Trust model designed for mobile applications operating in untrusted, user-controlled environments.<n>Using a design science methodology, the study introduced a six-pillar framework that supports runtime enforcement of trust.<n>The proposed model offers a practical and standards-aligned approach to securing mobile applications beyond pre-deployment controls.
  arXiv  Detail & Related papers  (2025-08-20T18:42:36Z)
• LLMs on support of privacy and security of mobile apps: state of the art and research directions [1.5293427903448022]
  Security and privacy risks still threaten users of mobile apps.<n>We explore the application of Large Language Models to identify security risks and privacy violations.<n>We present an approach to detect sensitive data leakage when users share images online.
  arXiv  Detail & Related papers  (2025-06-13T11:17:15Z)
• Assessing Privacy Compliance of Android Third-Party SDKs [16.975384208528972]
  Third-party Software Development Kits (SDKs) are widely adopted in Android app development.<n>This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information.<n>Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
  arXiv  Detail & Related papers  (2024-09-16T15:44:43Z)
• Privacy Risks of General-Purpose AI Systems: A Foundation for Investigating Practitioner Perspectives [47.17703009473386]
  Powerful AI models have led to impressive leaps in performance across a wide range of tasks. Privacy concerns have led to a wealth of literature covering various privacy risks and vulnerabilities of AI models. We conduct a systematic review of these survey papers to provide a concise and usable overview of privacy risks in GPAIS.
  arXiv  Detail & Related papers  (2024-07-02T07:49:48Z)
• "Glue pizza and eat rocks" -- Exploiting Vulnerabilities in Retrieval-Augmented Generative Models [74.05368440735468]
  Retrieval-Augmented Generative (RAG) models enhance Large Language Models (LLMs) In this paper, we demonstrate a security threat where adversaries can exploit the openness of these knowledge bases.
  arXiv  Detail & Related papers  (2024-06-26T05:36:23Z)
• An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives [46.995904896724994]
  This paper develops a security and privacy assessment tool, namely the VR-SP detector for VR apps. Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps. We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps.
  arXiv  Detail & Related papers  (2024-02-21T13:53:25Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• "Money makes the world go around'': Identifying Barriers to Better Privacy in Children's Apps From Developers' Perspectives [28.40988446675355]
  The industry for children's apps is thriving at the cost of children's privacy. These apps routinely disclose children's data to multiple data trackers and ad networks. We used a mixed-methods approach to investigate why this is happening and how developers might change their practices.
  arXiv  Detail & Related papers  (2021-11-29T15:27:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.