Sharing is Not Always Caring: Delving Into Personal Data Transfer Compliance in Android Apps
In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previou...
Main Authors: | David Rodriguez, Jose M. Del Alamo, Celia Fernandez-Aller, Norman Sadeh |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2024-01-01 |
Series: | IEEE Access |
Subjects: | Android, compliance assessment, data protection, data transfer, dynamic analysis, GDPR |
Online Access: | https://ieeexplore.ieee.org/document/10379677/ |
_version_ | 1797243334399361024 |
---|---|
author | David Rodriguez; Jose M. Del Alamo; Celia Fernandez-Aller; Norman Sadeh |
author_sort | David Rodriguez |
collection | DOAJ |
description | In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve into this issue, this article describes an automated method to capture data-sharing practices in Android apps and assess their proper disclosure according to the EU General Data Protection Regulation. We applied the method to 9,000 random Android apps, unveiling an uncomfortable reality: over 80% of Android applications that transfer personal data off device potentially fail to meet GDPR transparency requirements. We further investigate the role of third-party libraries, shedding light on the source of this problem and pointing towards measures to address it. |
first_indexed | 2024-03-08T14:40:17Z |
format | Article |
id | doaj.art-e22703ee9ffa40a18f9c52f264781b2f |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-24T18:53:28Z |
publishDate | 2024-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-e22703ee9ffa40a18f9c52f264781b2f; 2024-03-26T17:47:41Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 5256; 5269; 10.1109/ACCESS.2024.3349425; 10379677; Sharing is Not Always Caring: Delving Into Personal Data Transfer Compliance in Android Apps; David Rodriguez (0) https://orcid.org/0000-0002-0911-4608; Jose M. Del Alamo (1) https://orcid.org/0000-0002-6513-0303; Celia Fernandez-Aller (2) https://orcid.org/0000-0002-0642-2058; Norman Sadeh (3) https://orcid.org/0000-0003-4829-5533; ETSI Telecomunicación, Universidad Politécnica de Madrid, Madrid, Spain; ETSI Telecomunicación, Universidad Politécnica de Madrid, Madrid, Spain; ETSI Sistemas Informáticos, Universidad Politécnica de Madrid, Madrid, Spain; School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA; In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve into this issue, this article describes an automated method to capture data-sharing practices in Android apps and assess their proper disclosure according to the EU General Data Protection Regulation. We applied the method to 9,000 random Android apps, unveiling an uncomfortable reality: over 80% of Android applications that transfer personal data off device potentially fail to meet GDPR transparency requirements. We further investigate the role of third-party libraries, shedding light on the source of this problem and pointing towards measures to address it.; https://ieeexplore.ieee.org/document/10379677/; Android; compliance assessment; data protection; data transfer; dynamic analysis; GDPR |
title | Sharing is Not Always Caring: Delving Into Personal Data Transfer Compliance in Android Apps |
topic | Android; compliance assessment; data protection; data transfer; dynamic analysis; GDPR |
url | https://ieeexplore.ieee.org/document/10379677/ |