Search Results

1 - 10 of 46 items :


Artifact https://github.com/wi-pi/GDPR References [1] W. F. Adkinson, J. A. Eisenach, and T. M. Lenard, “Privacy online: A report on the information practices and policies of commercial web sites,” Progress and Freedom Foundation, 2002. [2] E. AI. [Online]. Available: https://spacy.io/ [3] A. I. Anton, J. B. Earp, Q. He, W. Stufflebeam, D. Bolchini, and C. Jensen, “Financial privacy policies and the need for standardization,” IEEE Security & privacy, vol. 2, no. 2, pp. 36–45, 2004. [4] A. I. Antón, J. B. Earp, and A. Reese, “Analyzing website privacy

., Reaves, B., Sherman, I. N., Traynor, P., and Butler, K. (2017). Regulators, mount up! analysis of privacy policies for mobile money services. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pages 97–114. [8] Brunton, F. and Nissenbaum, H. (2015). Obfuscation: A user’s guide for privacy and protest. MIT Press. [9] Burkell, J. and Fortier, A. (2013). Privacy policy disclosures of behavioural tracking on consumer health websites. In Proceedings of the 76th ASIS&T Annual Meeting: Beyond the Cloud: Rethinking Information Boundaries, page 56

References [1] Advanced Micro Devices. Secure Encrypted Virtualization API Version 0.17. Technical preview, Advanced Micro Devices, 2018. URL https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf. [2] Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In 28th USENIX Security Symposium, pages 585–602, Santa Clara, CA, August 2019. USENIX Association. URL https

profiling: Privacy and Chinese legislation on the social credit system, The Journal of Comparative Law, 12(2): 356–378, 2017. [14] China Internet Network Information Center (CCNIC), The 45th China Statistical Report on Internet Development, April 2020. (in Chinese) [15] M. Chorzempa, P. Triolo, S. Sacks, China’s social credit system: A mark of progress or a threat to privacy?, Policy Briefs PB18-14, Peterson Institute for International Economics, 2018. [16] Credit Reference Center, An Operation Report of Credit System Construction (2004-2014), The People’s Bank of

. Hong, and L. F. Cranor, “The privacy and security behaviors of smartphone app developers,” in USEC ’14, 2014. [4] S. Bird, E. Klein, and E. Loper, “Natural language processing with python,” 2014, accessed: June 28, 2019. [Online]. Available: http://www.nltk.org/book/ch11.html [5] J. Bowers, B. Reaves, I. N. Sherman, P. Traynor, and K. R. B. Butler, “Regulators, mount up! Analysis of privacy policies for mobile money services,” in SOUPS ’17, 2017. [6] California Department of Justice, “Attorney General Kamala D. Harris secures global agreement to strengthen

Privacy Enhancing Technologies, 2016(2):100–114, 2016. [53] Carlos Jensen and Colin Potts. Privacy policies as decision-making tools: an evaluation of online privacy notices. In SIGCHI. ACM, 2004. [54] Kiddoware. Kiddoware homepage. https://kiddoware.com/. [55] Li Li, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. Iccta: Detecting inter-component privacy leaks in android apps. In ICSE ’15, pages 280–291, 2015. [56] Sonia Livingstone, Leslie Haddon, Anke

Computer & Communications Security, CCS ’13, pages 1141-1152, New York, NY, USA, 2013. ACM. [21] C. Jensen and C. Potts. Privacy Policies As Decision-making Tools: An Evaluation of Online Privacy Notices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’04, pages 471-478, New York, NY, USA, 2004. ACM. [22] C. Jensen, C. Potts, and C. Jensen. Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies, 63(1-2):203-227, 2005. HCI research in privacy and security. [23] J

Abstract

The prevalence of mobile devices and their capability to access high-speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users’ personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user’s personal data demands an adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restrictions on the locations to which European users’ personal data may be transferred. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violations of the mentioned regulations. We analyze the 1,498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users’ personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps, revealing that 51% of these apps do not provide any privacy policy while almost all of them contact servers hosted outside Europe.

Abstract

It is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one third-party library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.

Software, 2015. [4] Amplitude, Inc. Privacy policy. https://amplitude.com/privacy, February 12 2017. Accessed: September 29, 2017. [5] Appboy, Inc. Terms of Service. https://www.appboy.com/legal/, September 1 2017. Accessed: September 29, 2017. [6] Appnext Ltd. Terms & conditions - publishers. https://www.appnext.com/terms-conditions/, October 1 2017. Accessed: September 29, 2017. [7] K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. PScout: Analyzing Android Permission Specification. In Proc. of ACM CCS, 2012. [8] C. Babel. Protecting kids’ privacy - an ever