Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence

  • Iraklis Symeonidis
  • Fatemeh Shirazi
  • Gergely Biczók
  • Cristina Pérez-Solà
  • Bart Preneel
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 471)


Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data, inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes, including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.


Keywords: Personal Data; Online Social Network; Federal Trade Commission; Collateral Damage; User Survey



We notably want to thank Markus Hubert and SBA Research Center for providing us with the necessary material for our study. Thank you also to Faruk Gologlu, Filipe Beato, and all the anonymous reviewers who helped to better shape the idea and improve the quality of the text. This work was supported in part by the Research Council KU Leuven (C16/15/058), the Spanish Government (TIN2014-55243-P and FPU-AP2010-0078), the Catalan Government (AGAUR 2014SGR-691) and by Microsoft Research through its PhD Scholarship Programme. G. Biczók has been supported by the János Bolyai Research Scholarship of the Hungarian Academy of Sciences.



Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Iraklis Symeonidis (1)
  • Fatemeh Shirazi (1)
  • Gergely Biczók (2)
  • Cristina Pérez-Solà (1, 3)
  • Bart Preneel (1)

  1. ESAT/COSIC and iMinds, KU Leuven, Leuven, Belgium
  2. MTA-BME Future Internet RG, Budapest University of Technology and Economics, Budapest, Hungary
  3. dEIC, Universitat Autònoma de Barcelona, Barcelona, Spain
