Interdependent Privacy Issues Are Pervasive Among Third-Party Applications

  • Conference paper
Data Privacy Management, Cryptocurrencies and Blockchain Technology (DPM 2021, CBT 2021)

Abstract

Third-party applications are popular: they improve and extend the features offered by their respective platforms, whether these are mobile operating systems, browsers or cloud-based tools. Although some privacy concerns regarding these apps have been studied in detail, the phenomenon of interdependent privacy, when a user shares others’ data with an app without their knowledge and consent. Through careful analysis of permission models and multiple platform-specific datasets, we show that interdependent privacy risks are enabled by certain permissions on all platforms studied, and that actual apps request these permissions, instantiating these risks. We also identify potential risk signals and discuss solutions that could improve transparency and control for users, developers and platform owners.

Author information

Corresponding authors

Correspondence to Shuaishuai Liu or Gergely Biczók.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Liu, S., Herendi, B., Biczók, G. (2022). Interdependent Privacy Issues Are Pervasive Among Third-Party Applications. In: Garcia-Alfaro, J., Muñoz-Tapia, J.L., Navarro-Arribas, G., Soriano, M. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2021 2021. Lecture Notes in Computer Science, vol 13140. Springer, Cham. https://doi.org/10.1007/978-3-030-93944-1_5

  • DOI: https://doi.org/10.1007/978-3-030-93944-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93943-4

  • Online ISBN: 978-3-030-93944-1

  • eBook Packages: Computer Science, Computer Science (R0)
