Identifying Organizations Receiving Personal Data in Android Apps
David Rodriguez, Miguel Cozar, Jose Alamo
2022
Abstract
Many studies have demonstrated that mobile applications are a common means of collecting massive amounts of personal data. This goes unnoticed by most users, who are also unaware that many different organizations are receiving this data, even from multiple apps in parallel. This paper assesses different techniques to identify the organizations that are receiving personal data flows in the Android ecosystem, namely the WHOIS service, SSL certificate inspection, and privacy policy textual analysis. Based on our findings, we propose a fully automated method that combines the most successful techniques, achieving a 94.73% precision score in identifying the recipient organization. We further demonstrate our method by evaluating 1,000 Android apps and exposing the corporations that collect the users’ personal data.
Paper Citation
in Harvard Style
Rodriguez D., Cozar M. and Alamo J. (2022). Identifying Organizations Receiving Personal Data in Android Apps. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 592-596. DOI: 10.5220/0011290100003283
in Bibtex Style
@conference{secrypt22,
author={David Rodriguez and Miguel Cozar and Jose Alamo},
title={Identifying Organizations Receiving Personal Data in Android Apps},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={592-596},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011290100003283},
isbn={978-989-758-590-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Identifying Organizations Receiving Personal Data in Android Apps
SN - 978-989-758-590-6
AU - Rodriguez D.
AU - Cozar M.
AU - Alamo J.
PY - 2022
SP - 592
EP - 596
DO - 10.5220/0011290100003283