Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications

2015 ◽  
pp. 61-79 ◽  
Author(s):  
Agostino Cortesi ◽  
Pietro Ferrara ◽  
Marco Pistoia ◽  
Omer Tripp
Keyword(s):  
Mobile Applications ◽  
Privacy Policy ◽  
Policy Compliance

scholarly journals CAP-A: A Suite of Tools for Data Privacy Evaluation of Mobile Applications

2020 ◽  
Author(s):  
Ioannis Chrysakis ◽  
Giorgos Flouris ◽  
George Ioannidis ◽  
Maria Makridaki ◽  
Theodore Patkos ◽  
...  
Keyword(s):  
Mobile Applications ◽  
Data Privacy ◽  
Mobile Apps ◽  
Personal Data ◽  
Privacy Policy ◽  
Policy Makers ◽  
Policy Documents ◽  
The Public

The utilisation of personal data by mobile apps is often hidden behind vague Privacy Policy documents, which are typically lengthy, difficult to read (containing legal terms and definitions) and frequently changing. This paper discusses a suite of tools developed in the context of the CAP-A project, aiming to harness the collective power of users to improve their privacy awareness and to promote privacy-friendly behaviour by mobile apps. Through crowdsourcing techniques, users can evaluate the privacy friendliness of apps, annotate and understand Privacy Policy documents, and help other users become aware of privacy-related aspects of mobile apps and their implications, whereas developers and policy makers can identify trends and the general stance of the public in privacy-related matters. The tools are available for public use in: https://cap-a.eu/tools/.

Abstract P201: Evaluating Data Sharing And Privacy Policies Of Diabetes Mobile Apps: Where Is The Data Going?

Hypertension ◽  
2020 ◽  
Vol 76 (Suppl_1) ◽  
Author(s):  
Khaled Abdelrahman ◽  
Josh Bilello ◽  
Megna Panchbhavi ◽  
Mohammed S Abdullah
Keyword(s):  
Data Sharing ◽  
Mobile Applications ◽  
Mobile Apps ◽  
Third Party ◽  
Privacy Policy ◽  
Privacy Policies ◽  
Privacy Concerns ◽  
App Store ◽  
User Data ◽  
Do So

Introduction: Diabetes mobile applications (apps) that help patients monitor disease have led to privacy concerns. We aimed to assess privacy policies for diabetes mobile applications with a focus on data transmission to outside parties. Methods: The App Store was used to gather apps pertaining to diabetes by searching “diabetes” and “blood sugar”. Two readers evaluated privacy policies (PP) including data sharing and storing techniques for mention of 27 predetermined criteria. All network traffic generated while loading and using the app was intercepted by a man-in-the-middle attack to listen to data delivered between the sender and receiver of data transmissions. A packet analyzer determined contents of transmission, where data was sent, and if transmission contained user data. Results: Of 35 apps evaluated, 29 (83%) had PP. The most frequent transmission destinations were Google (n=130 transmissions), Kamai Technologies (n=53), Facebook (n=38) and Amazon (n=33). 35 of 35 apps (100%) were transmitting data to a third party. 2 of 2 (100%) of those who had a privacy policy without mention of a third party transmitted data to a third party. 8 of 8 (100%) apps who mentioned they would not transmit to a third party were found to do so. 19 of 19 (100%) apps who mentioned they would transmit data to a third party were found to do so. All apps (n=6) without a privacy policy were found to be transmitting data to a third party. Conclusion: Most diabetes apps on the App store have accessible PP. All apps evaluated transmitted data to a third party, even when the policy stated this would not occur. As mobile applications are increasingly utilized by patients, it is important to warn of privacy implications.

Sign in / Sign up

Export Citation Format

Share Document