Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence

  • Iraklis Symeonidis
  • Fatemeh Shirazi
  • Gergely Biczók
  • Cristina Pérez-Solà
  • Bart Preneel
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 471)

Abstract

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.

References

  1. 1.
    Council of the EU Final Compromised Resolution. http://www.europarl.europa.eu. Accessed Feb 2015
  2. 2.
    Directive 95/46/EC of the European Parliament and of the Council. http://ec.europa.eu/. Accessed April 2015
  3. 3.
    FTC and Facebook agreement for 3rd party apps. http://www.ftc.gov/. Accessed February 2015
  4. 4.
    Albert, R., Barabási, A.: Statistical mechanics of complex networks. CoRR, cond-mat/0106096 (2001)Google Scholar
  5. 5.
    AppInspect. A framework for automated security and privacy analysis of OSN application ecosystems. http://ai.sba-research.org/. Accessed Sept 2015
  6. 6.
    Biczók, G., Chia, P.H.: Interdependent privacy: Let me share your data. In 17th FC, Okinawa, Japan, pp. 338–353 (2013)Google Scholar
  7. 7.
    Boyd, D., Ellison, N.B.: Social network sites: definition, history, and scholarship. J. Comput. Mediated Commun. 13(1), 210–230 (2007)CrossRefGoogle Scholar
  8. 8.
    Cooper, D., Kagel, J.H.: Other regarding preferences: a selective survey of experimental results. Handbook of Experimental Economics (2009)Google Scholar
  9. 9.
    Enck, W., Gilbert, P., Chun, B., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.: TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57, 99–106 (2014)CrossRefGoogle Scholar
  10. 10.
    Erdös, P., Rényi, A.: On the evolution of random graphs. In: Publication of the Mathematical Institute of the Hungarian Academy of Sciences, pp. 17–61 (1960)Google Scholar
  11. 11.
    Golbeck, J., Mauriello, M.L.: User Perception of Facebook App Data Access: A Comparison of Methods and Privacy Concerns. University of Maryland, Maryland (2014)Google Scholar
  12. 12.
    Huber, M., Mulazzani, M., Schrittwieser, S., Weippl, E.R.: Appinspect: large-scale evaluation of social networking apps. In: COSN 2013, Boston, pp. 143–154 (2013)Google Scholar
  13. 13.
    Jobber, D., Ellis-Chadwick, F.: Principles and Practice of Marketing, 7th edn. McGraw-Hill Higher Education, New York (2012)Google Scholar
  14. 14.
    McDonnel, N., Troncoso, C., Tsormpatzoudi, P., Coudert, F., Métayer, L.: Deliverable 5.1: State-of-play: Current practices and solutions. FP7 PRIPARE project. http://pripareproject.eu. Accessed May 2015
  15. 15.
    Mislove, A., Marcon, M., Gummadi, P.K., Druschel, P., Bhattacharjee, B.: Measurement and analysis of online social networks. In: 7th ACM SIGCOMM, San Diego, pp. 29–42 (2007)Google Scholar
  16. 16.
    Pu, Y., Grossklags, J.: An economic model and simulation results of app adoption decisions on networks with interdependent privacy consequences. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 246–265. Springer, Heidelberg (2014)Google Scholar
  17. 17.
    Pu, Y., Grossklags, J.: Using conjoint analysis to investigate the value of interdependent privacy in social app adoption scenarios. In: 36th ICIS (2015)Google Scholar
  18. 18.
    Stahl, D.O., Haruvy, E.: Other-regarding preferences: Egalitarian warm glow, empathy, and group size. J. Econ. Behav. Organ. 61, 20–41 (2006)CrossRefGoogle Scholar
  19. 19.
    Statista. Leading Social Networks Worldwide as of January 2016. http://www.statista.com. Accessed Sept 2015
  20. 20.
    Symeonidis, I., Tsormpatzoudi, P., Preneel, B.: Collateral damage of online social network applications. In: 2nd ICISSP, Rome (2016)Google Scholar
  21. 21.
    Ugander, J., Karrer, B., Backstrom, L., Marlow, C.: The anatomy of the Facebook social graph. CoRR, abs/1111.4503 (2011)Google Scholar
  22. 22.
    Wang, N., Xu, H., Grossklags, J.: Third-party apps on Facebook: Privacy and the illusion of control. In: 5th ACM CHIMIT, pp. 4:1–4:10. ACM (2011)Google Scholar
  23. 23.
    Watts, D.J., Strogatz, S.H.: Collective dynamics of ‘small-world’ networks. Nature 393(6684), 409–410 (1998)CrossRefGoogle Scholar
  24. 24.
    Wilson, C., Boe, B., Sala, A., Puttaswamy, K.P., Zhao, B.Y.: User interactions in social networks and their implications. In: 4th ACM EuroSys, pp. 205–218, New York (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Iraklis Symeonidis
    • 1
  • Fatemeh Shirazi
    • 1
  • Gergely Biczók
    • 2
  • Cristina Pérez-Solà
    • 1
    • 3
  • Bart Preneel
    • 1
  1. 1.ESAT/COSIC and iMindsKU LeuvenLeuvenBelgium
  2. 2.MTA-BME Future Internet RGBudapest University of Technology and EconomicsBudapestHungary
  3. 3.dEICUniversitat Autònoma de BarcelonaBarcelonaSpain

Personalised recommendations