Keeping Privacy Labels Honest

At the end of 2020, Apple introduced privacy nutritional labels, requiring app developers to state what data is collected by their apps and for what purpose. In this paper, we take an in-depth look at the privacy labels and how they relate to actual transmitted data. First, we give an exploratory st...

Detailed description

Bibliographic details
Published in: Proceedings on Privacy Enhancing Technologies 2022-10, Vol.2022 (4), p.486-506
Main authors: Koch, Simon; Wessels, Malte; Altpeter, Benjamin; Olvermann, Madita; Johns, Martin
Format: Article
Language: eng
Online access: Full text
container_end_page 506
container_issue 4
container_start_page 486
container_title Proceedings on Privacy Enhancing Technologies
container_volume 2022
creator Koch, Simon
Wessels, Malte
Altpeter, Benjamin
Olvermann, Madita
Johns, Martin
description At the end of 2020, Apple introduced privacy nutritional labels, requiring app developers to state what data is collected by their apps and for what purpose. In this paper, we take an in-depth look at the privacy labels and how they relate to actual transmitted data. First, we give an exploratory statistical evaluation of 11074 distinct apps across 22 categories and their corresponding privacy label or lack thereof. Our dataset shows that only some apps provide privacy labels, and a small number self-declare that they do not collect any data. Additionally, our statistical methods showcase the differences of the privacy labels across application categories. We then select a subset of 1687 apps across 22 categories from the German App Store to conduct a no-touch traffic collection study. We analyse the traffic against a set of 18 honey-data points and a list of known advertisement and tracking domains. At least 276 of these apps violate their privacy label by transmitting data without declaration, showing that the privacy labels’ correctness was not validated during the app approval process. In addition, we evaluate the apps’ adherence to the GDPR in respect of providing a privacy consent form, through collected screenshots, and identify numerous potential violations of the directive.
doi_str_mv 10.56553/popets-2022-0119
format Article
fulltext fulltext
identifier ISSN: 2299-0984
ispartof Proceedings on Privacy Enhancing Technologies, 2022-10, Vol.2022 (4), p.486-506
issn 2299-0984
2299-0984
language eng
recordid cdi_crossref_primary_10_56553_popets_2022_0119
source EZB Electronic Journals Library
title Keeping Privacy Labels Honest
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-01T07%3A55%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Keeping%20Privacy%20Labels%20Honest&rft.jtitle=Proceedings%20on%20Privacy%20Enhancing%20Technologies&rft.au=Koch,%20Simon&rft.date=2022-10&rft.volume=2022&rft.issue=4&rft.spage=486&rft.epage=506&rft.pages=486-506&rft.issn=2299-0984&rft.eissn=2299-0984&rft_id=info:doi/10.56553/popets-2022-0119&rft_dat=%3Ccrossref%3E10_56553_popets_2022_0119%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true