Abstract
Nowadays, smartphones are equipped with various sensors that collect a huge amount of sensitive personal information about their users. However, it remains hidden from smartphone users which sensitive information is accessed by the applications they use and by data requestors. Moreover, governmental institutions have no means to verify whether applications requesting sensitive information are compliant with the General Data Protection Directive (GDPR), as it is infeasible to check the technical details and the data requested by applications that are on the market. Thus, this research aims to shed light on the analysis of applications’ compliance with the GDPR. To this end, a multidimensional analysis is applied to the permission requests of applications. The use case of security camera applications was chosen, as they access highly sensitive personal information. Our results confirm that these apps suffer from serious privacy issues, ranging from regulatory compliance issues to inappropriate design and development strategies that can severely impact users’ privacy.
Acknowledgment
We would like to thank Majid Hatamian for his great support and guidance throughout all the different steps of the experiments.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Schmitt, V., Nicholson, J., Möller, S. (2023). Is Your Surveillance Camera App Watching You? A Privacy Analysis. In: Arai, K. (eds) Intelligent Computing. SAI 2023. Lecture Notes in Networks and Systems, vol 739. Springer, Cham. https://doi.org/10.1007/978-3-031-37963-5_93
DOI: https://doi.org/10.1007/978-3-031-37963-5_93
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-37962-8
Online ISBN: 978-3-031-37963-5
eBook Packages: Intelligent Technologies and Robotics (R0)