Did App Privacy Improve After the GDPR?
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (PriSec) ORCID-id: 0000-0002-5235-5335
Goethe-Universität Frankfurt am Main, Germany.
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). ORCID-id: 0000-0002-0418-4121
2019 (English). In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 17, no. 6, pp. 10-20. Article in journal (Refereed). Published
Abstract [en]

In this article, we present an analysis of app behavior before and after the regulatory change in data protection in Europe. Our data shows that app privacy has moderately improved after the implementation of the General Data Protection Regulation.

In May 2018, stronger regulation of the processing of personal data became law in the European Union, known as the General Data Protection Regulation (GDPR).[1] The expected effect of the regulation was better protection of personal data, increased transparency of collection and processing, and stronger intervention rights of data subjects, with some authors claiming that the GDPR would change the world, or at least that of data protection regulation.[2] The GDPR had a two-year (2016–2018) implementation period that followed four years of preparation. At the time of this writing, in November 2019, one and one-half years have passed since the implementation of GDPR.

Has the GDPR had an effect on consumer software? Has the world of code changed too? Did the GDPR have a measurable effect on mobile apps’ behavior? How should such a change in behavior be measured?

In our study, we decided to use two indicators for measurement: Android dangerous permission[16] privileges and user feedback from the Google Play app market. We collected data from smartphones with an installed app set for months before GDPR implementation on 25 May 2018 and months after that date.

Place, publisher, year, edition, pages
IEEE, 2019. Vol. 17, no. 6, pp. 10-20
Keywords [en]
privacy, gdpr, apps, smartphones, personal data access, survey
National Category
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-75508; DOI: 10.1109/MSEC.2019.2938445; ISI: 000494416500003; OAI: oai:DiVA.org:kau-75508; DiVA, id: diva2:1367339
Projects
Alert, Privacy&Us
Available from: 2019-11-03. Created: 2019-11-03. Last updated: 2020-08-11. Bibliographically approved
In thesis
1. Measuring Apps' Privacy-Friendliness: Introducing transparency to apps' data access behavior
2020 (English). Doctoral thesis, with papers (Other academic)
Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.

Abstract [en]

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 218
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:24
Keywords
Mobile Apps, User data, Transparency, Privacy, Data protection
National Category
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-79308 (URN); 978-91-7867-132-8 (ISBN); 978-91-7867-137-3 (ISBN)
Public defence
2020-10-09, 9C203, Universitetsgatan 2, Karlstad, 09:15 (English)
Opponent
Supervisors
Available from: 2020-09-09. Created: 2020-08-11. Last updated: 2020-09-09. Bibliographically approved

Open Access in DiVA

fulltext (592 kB), 1448 downloads
File information
File: FULLTEXT03.pdf. File size: 592 kB. Checksum (SHA-512):
677debcce97666f7d2dd51885b402721442c8fff11ee721707bdd7429c5a9131ca12e23efaf3e3d47a9d452a70bb57098ecd702729770ab198143d2efcf60bda
Type: fulltext. Mimetype: application/pdf

Person

Momen, Nurul; Fritsch, Lothar
