Third-party libraries in mobile apps

2019, Vol 25 (3), pp. 2341-2377
Author(s): Pasquale Salza, Fabio Palomba, Dario Di Nucci, Andrea De Lucia, Filomena Ferrucci

2020
Author(s): Reham AlTamime, Vincent Marmion, Wendy Hall

BACKGROUND Mobile apps and IoT-enabled smartphone technologies facilitate collecting, sharing, and inferring from a vast amount of data about individuals’ location, health conditions, mobility status, and other factors. The use of such technology highlights the importance of understanding individuals’ privacy concerns to design applications that integrate their privacy expectations and requirements. OBJECTIVE This paper explores, assesses, and predicts individuals’ privacy concerns in relation to collecting and disclosing data on mobile health apps. METHODS We designed a questionnaire to identify participants’ privacy concerns pertaining to a set of 432 mobile apps’ data collection and sharing scenarios. Participants were presented with 27 scenarios that varied across three categorical factors: (1) type of data collected (e.g., health, demographic, behavioral, and location); (2) data sharing (e.g., whether it is shared, and for what purpose); and, (3) retention rate (e.g., forever, until the purpose is satisfied, unspecified, week, or year). RESULTS Our findings show that type of data, data sharing, and retention rate are all factors that affect individuals’ privacy concerns. However, specific factors such as collecting and disclosing health data to a third-party tracker play a larger role than other factors in triggering privacy concerns. CONCLUSIONS Our findings suggest that it is possible to predict privacy concerns based on these three factors. We propose design approaches that can improve users’ awareness and control of their data on mobile applications.


2021, Vol 2021, pp. 1-11
Author(s): Khuda Bux Jalbani, Muhammad Yousaf, Muhammad Shahzad Sarfraz, Rozita Jamili Oskouei, Akhtar Hussain, ...

As the SQL injection attack is still at the top of the list at Open Web Application Security Project (OWASP) for more than one decade, this type of attack created too many types of issues for a web application, sensors, or any similar type of applications, such as leakage of user private data and organization intellectual property, or may cause Distributed Denial of Service (DDoS) attacks. This paper focused on the poor coding or invalidated input field which is a big cause of services unavailability for web applications. Secondly, it focused on the selection of program created issues for the WebSocket connections between sensors and the webserver. The number of users is growing to use web applications and mobile apps. These web applications or mobile apps are used for different purposes such as tracking vehicles, banking services, online stores for shopping, taxi booking, logistics, education, monitoring user activities, collecting data, or sending any instructions to sensors, and social websites. Web applications are easy to develop with less time and at a low cost. Due to that, business community or individual service provider’s first choice is to have a website and mobile app. So everyone is trying to provide 24/7 services to its users without any downtime. But there are some critical issues of web application design and development. These problems are leading to too many security loopholes for web servers, web applications, and its user’s privacy. Because of poor coding and validation of input fields, these web applications are vulnerable to SQL Injection and other security problems. Instead of using the latest third-party frameworks, language for website development, and version database server, another factor to disturb the services of a web server may be the socket programming for sensors at the production level. These sensors are installed in vehicles to track or use them for booking mobile apps.


2020, Vol 2020 (3), pp. 222-242
Author(s): Catherine Han, Irwin Reyes, Álvaro Feal, Joel Reardon, Primal Wijesekera, ...

Abstract: It is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one third-party library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.


2018, Vol 37 (4), pp. 466-488
Author(s): Petter Bae Brandtzaeg, Antoine Pultier, Gro Mette Moen

Personal data from mobile apps are increasingly impacting users’ lives and privacy perceptions. However, there is a scarcity of research addressing the combination of (1) individual perceptions of mobile app privacy, (2) actual dataflows in apps, and (3) how such perceptions and dataflows relate to actual privacy policies and terms of use in mobile apps. To address these limitations, we conducted an innovative mixed-methods study including a representative user survey in Norway, an analysis of personal dataflows in apps, and content analysis of privacy policies of 21 popular, free Android mobile apps. Our findings show that more than half the respondents in the user survey repeatedly had refrained from downloading or using apps to avoid sharing personal data. Our analysis of dataflows applied a novel methodology measuring activity in the apps over time (48 hr). The investigation showed that 19 of the 21 apps investigated transmitted personal data to a total of approximately 600 different primary and third-party domains. From a European perspective, it is particularly noteworthy that most of these domains were associated with tech companies in the United States, where privacy laws are less strict than companies operating from Europe. The investigation further revealed that some apps by default track and share user data continuously, even when the app is not in use. For some of these, the terms of use provided with the apps did not inform the users about the actual tracking practice. A comparison of terms of use as provided in the studied apps with actual person dataflows as identified in the analysis disclosed that three of the apps shared data in violation with their provided terms of use. A possible solution for the mobile app industry, to strengthen user trust, is privacy by design through opt-in data sharing with the service and third parties and more granular information on personal data sharing practices. Also, based on the findings from this study, we suggest specific visualizations to enhance transparency of personal dataflows in mobile apps. A methodological contribution is that a mixed-methods approach strengthens our understanding of the complexity of privacy issues in mobile apps.


2021, Vol 54 (3), pp. 1-43
Author(s): Zhabiz Gharibshah, Xingquan Zhu

Online advertising, as a vast market, has gained significant attention in various platforms ranging from search engines, third-party websites, social media, and mobile apps. The prosperity of online campaigns is a challenge in online marketing and is usually evaluated by user response through different metrics, such as clicks on advertisement (ad) creatives, subscriptions to products, purchases of items, or explicit user feedback through online surveys. Recent years have witnessed a significant increase in the number of studies using computational approaches, including machine learning methods, for user response prediction. However, existing literature mainly focuses on algorithmic-driven designs to solve specific challenges, and no comprehensive review exists to answer many important questions. What are the parties involved in the online digital advertising eco-systems? What type of data are available for user response prediction? How do we predict user response in a reliable and/or transparent way? In this survey, we provide a comprehensive review of user response prediction in online advertising and related recommender applications. Our essential goal is to provide a thorough understanding of online advertising platforms, stakeholders, data availability, and typical ways of user response prediction. We propose a taxonomy to categorize state-of-the-art user response prediction methods, primarily focusing on the current progress of machine learning methods used in different online platforms. In addition, we also review applications of user response prediction, benchmark datasets, and open source codes in the field.


2018, Vol 2018 (4), pp. 33-50
Author(s): Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, David Choffnes

Abstract: The high-fidelity sensors and ubiquitous internet connectivity offered by mobile devices have facilitated an explosion in mobile apps that rely on multimedia features. However, these sensors can also be used in ways that may violate user’s expectations and personal privacy. For example, apps have been caught taking pictures without the user’s knowledge and passively listened for inaudible, ultrasonic audio beacons. The developers of mobile device operating systems recognize that sensor data is sensitive, but unfortunately existing permission models only mitigate some of the privacy concerns surrounding multimedia data. In this work, we present the first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, AppChina, Mi.com, and Anzhi. We study the behavior of these apps using a combination of static and dynamic analysis techniques. Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. We also identify a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user and without requiring any permissions.


Author(s): Pasquale Salza, Fabio Palomba, Dario Di Nucci, Cosmo D'Uva, Andrea De Lucia, ...

2015, Vol 33 (1), pp. 2-14
Author(s): Robin Canuel, Chad Crichton

Purpose – The purpose of this paper is to assess the response of Canadian academic libraries to the rapid proliferation of mobile application (apps), many of which are useful for research, teaching, and learning. Design/methodology/approach – A survey was conducted to identify existing initiatives that address the use of mobile apps to facilitate research, teaching, and learning at the libraries of the 97 member institutions of the Association of Universities and Colleges of Canada (AUCC). Based on this survey, this paper describes how apps are promoted, curated, organized, and described by today’s academic libraries. A review of the literature places this survey in its broader context. Findings – In total, 37 per cent of AUCC member libraries include links to mobile apps in their web site. Larger, research-intensive universities, tend to leverage apps more frequently than smaller institutions. Examples of how academic libraries are promoting apps provide insight into how academic librarians are responding to the proliferation of mobile technology. Practical implications – The results of this survey highlight trends with regard to this emerging service opportunity, help to establish current best practices in the response of academic libraries to the emergence of mobile apps, and identify areas for potential future development. Originality/value – This is the first study of its kind to explore and describe how third-party apps are used and promoted within an academic library context.


Hypertension, 2020, Vol 76 (Suppl_1)
Author(s): Khaled Abdelrahman, Josh Bilello, Megna Panchbhavi, Mohammed S Abdullah

Introduction: Diabetes mobile applications (apps) that help patients monitor disease have led to privacy concerns. We aimed to assess privacy policies for diabetes mobile applications with a focus on data transmission to outside parties. Methods: The App Store was used to gather apps pertaining to diabetes by searching “diabetes” and “blood sugar”. Two readers evaluated privacy policies (PP) including data sharing and storing techniques for mention of 27 predetermined criteria. All network traffic generated while loading and using the app was intercepted by a man-in-the-middle attack to listen to data delivered between the sender and receiver of data transmissions. A packet analyzer determined contents of transmission, where data was sent, and if transmission contained user data. Results: Of 35 apps evaluated, 29 (83%) had PP. The most frequent transmission destinations were Google (n=130 transmissions), Kamai Technologies (n=53), Facebook (n=38) and Amazon (n=33). 35 of 35 apps (100%) were transmitting data to a third party. 2 of 2 (100%) of those who had a privacy policy without mention of a third party transmitted data to a third party. 8 of 8 (100%) apps who mentioned they would not transmit to a third party were found to do so. 19 of 19 (100%) apps who mentioned they would transmit data to a third party were found to do so. All apps (n=6) without a privacy policy were found to be transmitting data to a third party. Conclusion: Most diabetes apps on the App store have accessible PP. All apps evaluated transmitted data to a third party, even when the policy stated this would not occur. As mobile applications are increasingly utilized by patients, it is important to warn of privacy implications.


Author(s): Abhishek Behl, Vijay Pereira

The use of game design elements (often called gamification) by firms to engage the customers has attracted attention in recent times. These game elements contribute to shaping up customer’s motivation and loyalty. Gamification is explored from the lens of both empirical as well as an experimental methodological standpoint. There still lacks substantial evidence that explains how and which types of rewards help to understand the customer's motivation. The study addresses this gap by designing an experimental study of 2x2 to address how gamified mobile apps used for making payments can help capture customer’s loyalty by offering them rewards. Data is collected from 385 customers who have been using mobile apps to make payments in the past. The data were tested to check if gamification positively helps the user hedonic and utilitarian motivation, which then positively impacts their loyalty. The study is also moderated by type of rewards (direct cash rewards v/s indirect third party partnered rewards) on the relationship of gamification and customer loyalty mediated through motivation. The results confirm that mobile payment apps' cash rewards are more useful, especially when the degree of uncertainty in the game element is high (scratch card). Additionally, they contribute to a higher degree of utilitarian benefits to the customers. The results contribute to the extension of the self-determination theory and stimulus organism response framework as well.

