Leave my apps alone!

Scoccia, Gian Luca; Kanj, Ibrahim; Malavolta, Ivano; Razavi, Kaveh

doi:10.1145/3387905.3388594

Cited by 4 publications

(2 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The set of apps installed is also more likely to be unique to one handset, or a small number of handsets, and so can act as a device fingerprint (especially when combined with device hardware/system configuration data). See, for example, [ 15 , 16 , 25 – 27 ] for recent analyses of such privacy risks. We note that in light of such concerns, Google recently categorised the list of apps installed as “personal and sensitive user data” and introduced restrictions on Play Store apps collection of this data [ 28 ], but such restrictions do not apply to system apps since these are not installed via the Google Play store.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

On the data privacy practices of Android OEMs

2023

View full text Add to dashboard Cite

In this paper we present the first in-depth measurement study looking at the data privacy practices of the proprietary variants of the Android OS produced by Samsung, Xiaomi, Huawei and Realme. We address two questions: how are identifiers used in network connections and what types of data are transmitted. To answer these, we decrypt and decode the network traffic transmitted by a range of Android handsets. We find that all of the OEMs make undue use of long-lived hardware identifiers such as the hardware serial number, handset IMEI and so fail to follow best privacy practice. Hardware identifiers are also linked to the handset user’s real identity when they sign in to an OEM account on the handset. All of the OEMs collect the list of apps installed in a handset. This is a privacy concern since the list of installed apps can be used to profile user traits and preferences. All of the OEMs collect analytics/telemetry data, raising obvious privacy concerns.

show abstract

Section: Resultsmentioning

confidence: 99%

“…One example of potentially sensitive metadata is the list of apps installed on a handset. This can reveal user interests and traits [ 15 , 16 ]. The list of apps can also acts as a handset fingerprint, unique to only a small number of handsets, and so be used for tracking.…”

Section: Threat Model: What Is Meant By Privacy?mentioning

confidence: 99%

On the data privacy practices of Android OEMs

2023

View full text Add to dashboard Cite

show abstract

Mobile Voting – Still Too Risky?

Heiberg

Krips

Willemson

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Temporal and cultural limits of privacy in smartphone app usage

Sekara

Alessandretti

Mones

et al. 2021

Sci Rep

View full text Add to dashboard Cite

Large-scale collection of human behavioural data by companies raises serious privacy concerns. We show that behaviour captured in the form of application usage data collected from smartphones is highly unique even in large datasets encompassing millions of individuals. This makes behaviour-based re-identification of users across datasets possible. We study 12 months of data from 3.5 million people from 33 countries and show that although four apps are enough to uniquely re-identify 91.2% of individuals using a simple strategy based on public information, there are considerable seasonal and cultural variations in re-identification rates. We find that people have more unique app-fingerprints during summer months making it easier to re-identify them. Further, we find significant variations in uniqueness across countries, and reveal that American users are the easiest to re-identify, while Finns have the least unique app-fingerprints. We show that differences across countries can largely be explained by two characteristics of the country specific app-ecosystems: the popularity distribution and the size of app-fingerprints. Our work highlights problems with current policies intended to protect user privacy and emphasizes that policies cannot directly be ported between countries. We anticipate this will nuance the discussion around re-identifiability in digital datasets and improve digital privacy.

show abstract

Leave my apps alone!

Cited by 4 publications

References 38 publications

On the data privacy practices of Android OEMs

On the data privacy practices of Android OEMs

Mobile Voting – Still Too Risky?

Temporal and cultural limits of privacy in smartphone app usage

Contact Info

Product

Resources

About