scholarly journals Losing Control to Data-Hungry Apps: A Mixed-Methods Approach to Mobile App Privacy

2018 ◽  
Vol 37 (4) ◽  
pp. 466-488 ◽  
Author(s):  
Petter Bae Brandtzaeg ◽  
Antoine Pultier ◽  
Gro Mette Moen
Keyword(s):  
Mixed Methods ◽  
Data Sharing ◽  
Mobile Apps ◽  
Personal Data ◽  
The United States ◽  
Mobile App ◽  
Third Party ◽  
User Survey ◽  
Privacy Policies ◽  
Mixed Methods Approach

Personal data from mobile apps are increasingly impacting users’ lives and privacy perceptions. However, there is a scarcity of research addressing the combination of (1) individual perceptions of mobile app privacy, (2) actual dataflows in apps, and (3) how such perceptions and dataflows relate to actual privacy policies and terms of use in mobile apps. To address these limitations, we conducted an innovative mixed-methods study including a representative user survey in Norway, an analysis of personal dataflows in apps, and content analysis of privacy policies of 21 popular, free Android mobile apps. Our findings show that more than half the respondents in the user survey repeatedly had refrained from downloading or using apps to avoid sharing personal data. Our analysis of dataflows applied a novel methodology measuring activity in the apps over time (48 hr). The investigation showed that 19 of the 21 apps investigated transmitted personal data to a total of approximately 600 different primary and third-party domains. From an European perspective, it is particularly noteworthy that most of these domains were associated with tech companies in the United States, where privacy laws are less strict than companies operating from Europe. The investigation further revealed that some apps by default track and share user data continuously, even when the app is not in use. For some of these, the terms of use provided with the apps did not inform the users about the actual tracking practice. A comparison of terms of use as provided in the studied apps with actual person dataflows as identified in the analysis disclosed that three of the apps shared data in violation with their provided terms of use. A possible solution for the mobile app industry, to strengthen user trust, is privacy by design through opt-in data sharing with the service and third parties and more granular information on personal data sharing practices. Also, based on the findings from this study, we suggest specific visualizations to enhance transparency of personal dataflows in mobile apps. A methodological contribution is that a mixed-methods approach strengthens our understanding of the complexity of privacy issues in mobile apps.

Abstract P201: Evaluating Data Sharing And Privacy Policies Of Diabetes Mobile Apps: Where Is The Data Going?

Hypertension ◽  
2020 ◽  
Vol 76 (Suppl_1) ◽  
Author(s):  
Khaled Abdelrahman ◽  
Josh Bilello ◽  
Megna Panchbhavi ◽  
Mohammed S Abdullah
Keyword(s):  
Data Sharing ◽  
Mobile Applications ◽  
Mobile Apps ◽  
Third Party ◽  
Privacy Policy ◽  
Privacy Policies ◽  
Privacy Concerns ◽  
App Store ◽  
User Data ◽  
Do So

Introduction: Diabetes mobile applications (apps) that help patients monitor disease have led to privacy concerns. We aimed to assess privacy policies for diabetes mobile applications with a focus on data transmission to outside parties. Methods: The App Store was used to gather apps pertaining to diabetes by searching “diabetes” and “blood sugar”. Two readers evaluated privacy policies (PP) including data sharing and storing techniques for mention of 27 predetermined criteria. All network traffic generated while loading and using the app was intercepted by a man-in-the-middle attack to listen to data delivered between the sender and receiver of data transmissions. A packet analyzer determined contents of transmission, where data was sent, and if transmission contained user data. Results: Of 35 apps evaluated, 29 (83%) had PP. The most frequent transmission destinations were Google (n=130 transmissions), Kamai Technologies (n=53), Facebook (n=38) and Amazon (n=33). 35 of 35 apps (100%) were transmitting data to a third party. 2 of 2 (100%) of those who had a privacy policy without mention of a third party transmitted data to a third party. 8 of 8 (100%) apps who mentioned they would not transmit to a third party were found to do so. 19 of 19 (100%) apps who mentioned they would transmit data to a third party were found to do so. All apps (n=6) without a privacy policy were found to be transmitting data to a third party. Conclusion: Most diabetes apps on the App store have accessible PP. All apps evaluated transmitted data to a third party, even when the policy stated this would not occur. As mobile applications are increasingly utilized by patients, it is important to warn of privacy implications.

Assessment and Prediction of Privacy Concerns on Health Apps (Preprint)

2020 ◽  
Author(s):  
Reham AlTamime ◽  
Vincent Marmion ◽  
Wendy Hall
Keyword(s):  
Data Sharing ◽  
Mobile Applications ◽  
Retention Rate ◽  
Mobile Apps ◽  
Third Party ◽  
Privacy Concerns ◽  
Health Apps ◽  
Mobile Health Apps ◽  
Specific Factors ◽  
And Control

BACKGROUND Mobile apps and IoT-enabled smartphones technologies facilitate collecting, sharing, and inferring from a vast amount of data about individuals’ location, health conditions, mobility status, and other factors. The use of such technology highlights the importance of understanding individuals’ privacy concerns to design applications that integrate their privacy expectations and requirements. OBJECTIVE This paper explores, assesses, and predicts individuals’ privacy concerns in relation to collecting and disclosing data on mobile health apps. METHODS We designed a questionnaire to identify participants’ privacy concerns pertaining to a set of 432 mobile apps’ data collection and sharing scenarios. Participants were presented with 27 scenarios that varied across three categorical factors: (1) type of data collected (e.g. health, demographic, behavioral, and location); (2) data sharing (e.g., whether it is shared, and for what purpose); and, (3) retention rate (e.g., forever, until the purpose is satisfied, unspecified, week, or year). RESULTS Our findings show that type of data, data sharing, and retention rate are all factors that affect individuals’ privacy concerns. However, specific factors such as collecting and disclosing health data to a third-party tracker play a larger role than other factors in triggering privacy concerns. CONCLUSIONS Our findings suggest that it is possible to predict privacy concerns based on these three factors. We propose design approaches that can improve users’ awareness and control of their data on mobile applications

How Do Mobile Applications for Cancer Communicate About Their Privacy Practices?

2021 ◽  
pp. 113-144
Author(s):  
Zerin Mahzabin Khan ◽  
Rukhsana Ahmed ◽  
Devjani Sen
Keyword(s):  
Mobile Applications ◽  
Critical Analysis ◽  
Data Privacy ◽  
Mobile Apps ◽  
Personal Data ◽  
End Users ◽  
Privacy Policies ◽  
Inadequate Information ◽  
Practical Implications ◽  
Complex Manner

No previous research on cancer mobile applications (apps) has investigated issues associated with the data privacy of its consumers. The current chapter addressed this gap in the literature by assessing the content of online privacy policies of selected cancer mobile apps through applying a checklist and performing an in-depth critical analysis to determine how the apps communicated their privacy practices to end users. The results revealed that the privacy policies were mostly ambiguous, with content often presented in a complex manner and inadequate information on the ownership, use, disclosure, retention, and collection of end users' personal data. These results highlight the importance of improving the transparency of privacy practices in health and fitness cancer mobile apps to clearly and effectively communicate how end users' personal data are collected, stored, and shared. The chapter concludes with recommendations and discussion on practical implications for stakeholders like cancer app users, developers, policymakers, and clinicians.

A Contextual Approach to Privacy Online

Daedalus ◽  
2011 ◽  
Vol 140 (4) ◽  
pp. 32-48 ◽  
Author(s):  
Helen Nissenbaum
Keyword(s):  
Public Discourse ◽  
The United States ◽  
Third Party ◽  
Privacy Policies ◽  
Alternative Approach ◽  
Selective Targeting ◽  
Commercial Enterprise ◽  
True Choice ◽  
The Moment ◽  
Context Specific

Recent media revelations have demonstrated the extent of third-party tracking and monitoring online, much of it spurred by data aggregation, profiling, and selective targeting. How to protect privacy online is a frequent question in public discourse and has reignited the interest of government actors. In the United States, notice-and-consent remains the fallback approach in online privacy policies, despite its weaknesses. This essay presents an alternative approach, rooted in the theory of contextual integrity. Proposals to improve and fortify notice-and-consent, such as clearer privacy policies and fairer information practices, will not overcome a fundamental flaw in the model, namely, its assumption that individuals can understand all facts relevant to true choice at the moment of pair-wise contracting between individuals and data gatherers. Instead, we must articulate a backdrop of context-specific substantive norms that constrain what information websites can collect, with whom they can share it, and under what conditions it can be shared. In developing this approach, the paper warns that the current bias in conceiving of the Net as a predominantly commercial enterprise seriously limits the privacy agenda.

scholarly journals Session Fingerprinting in Android via Web-to-App Intercommunication

2018 ◽  
Vol 2018 ◽  
pp. 1-13 ◽  
Author(s):  
Efthimios Alepis ◽  
Constantinos Patsakis
Keyword(s):  
Mobile Devices ◽  
Context Awareness ◽  
Mobile Apps ◽  
Personal Data ◽  
Mobile App ◽  
Web Pages ◽  
Sensitive Information ◽  
Privacy Concerns ◽  
Everyday Lives

The extensive adoption of mobile devices in our everyday lives, apart from facilitating us through their various enhanced capabilities, has also raised serious privacy concerns. While mobile devices are equipped with numerous sensors which offer context-awareness to their installed apps, they can also be exploited to reveal sensitive information when correlated with other data or sources. Companies have introduced a plethora of privacy invasive methods to harvest users’ personal data for profiling and monetizing purposes. Nonetheless, up till now, these methods were constrained by the environment they operate, e.g., browser versus mobile app, and since only a handful of businesses have actual access to both of these environments, the conceivable risks could be calculated and the involved enterprises could be somehow monitored and regulated. This work introduces some novel user deanonymization approaches for device and user fingerprinting in Android. Having Android AOSP as our baseline, we prove that web pages, by using several inherent mechanisms, can cooperate with installed mobile apps to identify which sessions operate in specific devices and consequently further expose users’ privacy.

scholarly journals Poor Coding Leads to DoS Attack and Security Issues in Web Applications for Sensors

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Khuda Bux Jalbani ◽  
Muhammad Yousaf ◽  
Muhammad Shahzad Sarfraz ◽  
Rozita Jamili Oskouei ◽  
Akhtar Hussain ◽  
...  
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Mobile Apps ◽  
Denial Of Service ◽  
Mobile App ◽  
Business Community ◽  
Third Party ◽  
Sql Injection ◽  
First Choice ◽  
Online Stores

As the SQL injection attack is still at the top of the list at Open Web Application Security Project (OWASP) for more than one decade, this type of attack created too many types of issues for a web application, sensors, or any similar type of applications, such as leakage of user private data and organization intellectual property, or may cause Distributed Denial of Service (DDoS) attacks. This paper focused on the poor coding or invalidated input field which is a big cause of services unavailability for web applications. Secondly, it focused on the selection of program created issues for the WebSocket connections between sensors and the webserver. The number of users is growing to use web applications and mobile apps. These web applications or mobile apps are used for different purposes such as tracking vehicles, banking services, online stores for shopping, taxi booking, logistics, education, monitoring user activities, collecting data, or sending any instructions to sensors, and social websites. Web applications are easy to develop with less time and at a low cost. Due to that, business community or individual service provider’s first choice is to have a website and mobile app. So everyone is trying to provide 24/7 services to its users without any downtime. But there are some critical issues of web application design and development. These problems are leading to too many security loopholes for web servers, web applications, and its user’s privacy. Because of poor coding and validation of input fields, these web applications are vulnerable to SQL Injection and other security problems. Instead of using the latest third-party frameworks, language for website development, and version database server, another factor to disturb the services of a web server may be the socket programming for sensors at the production level. These sensors are installed in vehicles to track or use them for booking mobile apps.

scholarly journals Usability Testing of a Mobile App to Report Medication Errors Anonymously: Mixed-Methods Approach

10.2196/12232 ◽  
2018 ◽  
Vol 5 (4) ◽  
pp. e12232 ◽  
Author(s):  
Doris George ◽  
Mohamed Azmi Hassali ◽  
Amar-Singh HSS
Keyword(s):  
Mixed Methods ◽  
Medication Errors ◽  
Usability Testing ◽  
Mobile App ◽  
Mixed Methods Approach

scholarly journals Pediatric Speech-Language Pathologists’ Use of Mobile Health Technology: Qualitative Questionnaire Study (Preprint)

2019 ◽  
Author(s):  
Kelsey Thompson ◽  
Emily Zimmerman
Keyword(s):  
Parent Education ◽  
Technology Use ◽  
Online Survey ◽  
Mobile Apps ◽  
Clinical Work ◽  
The United States ◽  
Mobile App ◽  
Future Research ◽  
Age Group ◽  
Speech Language Pathologists

BACKGROUND While technology use in pediatric therapies is increasing, there is so far no research available focusing on how pediatric speech-language pathologists (SLPs) in the United States use technology. OBJECTIVE This paper sought to determine if, and to what extent, pediatric SLPs are using mobile apps, to determine what purpose they are using them for, and to identify gaps in available technology to provide guidance for future technological development. METHODS Pediatric SLPs completed an online survey containing five sections: demographics, overall use, use in assessment, use in intervention, barriers, and future directions. RESULTS Mobile app use by 485 pediatric SLPs in the clinical setting was analyzed. Most (364/438; 83.1%) pediatric SLPs reported using technology ≤50% of the time in their clinical work, with no differences evident by age group (&lt;35 years and ≥35 years; <italic>P</italic>=.97). Pediatric SLPs are currently using apps for intervention (399/1105; 36.1%), clinical information (241/1105; 21.8%), parent education (151/1105; 13.7%), assessment (132/1105; 12%), client education (108/1105; 9.8%), and other uses (55/1105; 5.0%). Cost (46/135; 34.1%) and lack of an evidence base (36/135; 26.7%) were the most frequently reported barriers. Most SLPs (268/380; 70.7%) desired more technology use, with no difference evident by age group (<italic>P</italic>=.81). CONCLUSIONS A majority of pediatric SLPs are using mobile apps less than 50% of the time in a pediatric setting and they use them more during intervention compared to assessment. While pediatric SLPs are hesitant to add to their client’s screen time, they would like more apps to be developed that are supported by research and are less expensive. Implications for future research and app development are also discussed.

scholarly journals Exploration of user�s perspectives and needs and design of a type 1 diabetes management mobile app: mixed-methods study (Preprint)

2018 ◽  
Author(s):  
Yiyu Zhang ◽  
Xia Li ◽  
Shuoming Luo ◽  
Chaoyuan Liu ◽  
Fang Liu ◽  
...  
Keyword(s):  
Mixed Methods ◽  
Health Care Professionals ◽  
Diabetes Management ◽  
Mobile Apps ◽  
Diabetes Education ◽  
Qualitative Interviews ◽  
Mobile App ◽  
Patient Questionnaires ◽  
App Design ◽  
Doctor Communication

BACKGROUND With the popularity of smart phones, mobile apps have great potential for the management of diabetes, but the effectiveness of current diabetes apps for T1DM is poor. No study has explored the reasons from the user’s perspective. OBJECTIVE To explore the perspectives and needs of T1DM patients and diabetes experts concerning diabetes app and to design a new T1DM management mobile app. METHODS A mixed methods design combining quantitative surveys and qualitative interviews was used to explore user needs and perspectives. Experts were surveyed at two diabetes conferences using paper questionnaires. T1DM patients were surveyed using Sojump on a network. We conducted semi-structured in-depth interviews with adult T1DM patients or parents of child patients who had ever used diabetes apps. The interviews were audio-recorded, transcribed and coded for theme identification. RESULTS The expert response rate was 63.5% (127/200). They thought that the reasons for app invalidity were that patients did not stick to using the app (76.4%, 97/127), little guidance was received from health care professionals (HCPs) (73.2%, 93/127), diabetes education knowledge was unsystematic (52.8% 67/127) and the app functions were incomplete (44.1%, 56/127). A total of 245 T1DM patient questionnaires were collected, of which 21.2% (52/245) of the respondents had used diabetes apps. The reasons for their reluctance to use an app were limited time (39%, 20/52), complicated operations (25%, 13/52), uselessness (25%, 13/52) and cost (25%, 13/52). Both the experts and patients thought that the most important functions of the app were patient-doctor communication and diabetes diary. Two themes that were useful for app design were identified from the interviews: (1) problems with patients’ diabetes self-management and (2) problems with current apps. Additionally, needs and suggestions for a diabetes app were obtained. CONCLUSIONS Patient-doctor communication is the most important function of a diabetes app. Apps should be integrated with HCPs rather than stand alone. We advocate that doctors follow up with their patients using diabetes app. Our user-centered method explored comprehensively and deeply why the effectiveness of current diabetes apps for T1DM was poor and what T1DM patients needed for a diabetes app, and provided meaningful guidance for app design.

Sign in / Sign up

Export Citation Format

Share Document