Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)

Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy n...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2023-04
Hauptverfasser: Samarin, Nikita, Kothari, Shayna, Siyed, Zaina, Bjorkman, Oscar, Yuan, Reena, Wijesekera, Primal, Alomar, Noura, Fischer, Jordan, Hoofnagle, Chris, Egelman, Serge
Format: Artikel
Sprache:eng
Schlagworte:
Communications traffic
Consumers
Privacy
Right to know
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Samarin, Nikita
Kothari, Shayna
Siyed, Zaina
Bjorkman, Oscar
Yuan, Reena
Wijesekera, Primal
Alomar, Noura
Fischer, Jordan
Hoofnagle, Chris
Egelman, Serge
description The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.
format Article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2795080567</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2795080567</sourcerecordid><originalsourceid>FETCH-proquest_journals_27950805673</originalsourceid><addsrcrecordid>eNqNi7EKwjAUAIMgWLT_8MBFh0JMbatuJSoODiLiWkL7itGaxLxW8e918AOcbri7HgtEHM-ixVyIAQuJrpxzkWYiSeKA3fZIZA2BNnCWRziiU9qvQNq7a7QyJYKtITeVt7qC3DlY4xMb69ATvHR7gfaCIFWja-uNVt_RUHdHDwevn6p8Q162MJHykE9HrF-rhjD8ccjG281J7iLn7aNDaour7bz5qkJky4QveJJm8X_VByieRuI</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2795080567</pqid></control><display><type>article</type><title>Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)</title><source>Free E- Journals</source><creator>Samarin, Nikita ; Kothari, Shayna ; Siyed, Zaina ; Bjorkman, Oscar ; Yuan, Reena ; Wijesekera, Primal ; Alomar, Noura ; Fischer, Jordan ; Hoofnagle, Chris ; Egelman, Serge</creator><creatorcontrib>Samarin, Nikita ; Kothari, Shayna ; Siyed, Zaina ; Bjorkman, Oscar ; Yuan, Reena ; Wijesekera, Primal ; Alomar, Noura ; Fischer, Jordan ; Hoofnagle, Chris ; Egelman, Serge</creatorcontrib><description>The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Communications traffic ; Consumers ; Privacy ; Right to know</subject><ispartof>arXiv.org, 2023-04</ispartof><rights>2023. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>777,781</link.rule.ids></links><search><creatorcontrib>Samarin, Nikita</creatorcontrib><creatorcontrib>Kothari, Shayna</creatorcontrib><creatorcontrib>Siyed, Zaina</creatorcontrib><creatorcontrib>Bjorkman, Oscar</creatorcontrib><creatorcontrib>Yuan, Reena</creatorcontrib><creatorcontrib>Wijesekera, Primal</creatorcontrib><creatorcontrib>Alomar, Noura</creatorcontrib><creatorcontrib>Fischer, Jordan</creatorcontrib><creatorcontrib>Hoofnagle, Chris</creatorcontrib><creatorcontrib>Egelman, Serge</creatorcontrib><title>Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)</title><title>arXiv.org</title><description>The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.</description><subject>Communications traffic</subject><subject>Consumers</subject><subject>Privacy</subject><subject>Right to know</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNqNi7EKwjAUAIMgWLT_8MBFh0JMbatuJSoODiLiWkL7itGaxLxW8e918AOcbri7HgtEHM-ixVyIAQuJrpxzkWYiSeKA3fZIZA2BNnCWRziiU9qvQNq7a7QyJYKtITeVt7qC3DlY4xMb69ATvHR7gfaCIFWja-uNVt_RUHdHDwevn6p8Q162MJHykE9HrF-rhjD8ccjG281J7iLn7aNDaour7bz5qkJky4QveJJm8X_VByieRuI</recordid><startdate>20230403</startdate><enddate>20230403</enddate><creator>Samarin, Nikita</creator><creator>Kothari, Shayna</creator><creator>Siyed, Zaina</creator><creator>Bjorkman, Oscar</creator><creator>Yuan, Reena</creator><creator>Wijesekera, Primal</creator><creator>Alomar, Noura</creator><creator>Fischer, Jordan</creator><creator>Hoofnagle, Chris</creator><creator>Egelman, Serge</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20230403</creationdate><title>Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)</title><author>Samarin, Nikita ; Kothari, Shayna ; Siyed, Zaina ; Bjorkman, Oscar ; Yuan, Reena ; Wijesekera, Primal ; Alomar, Noura ; Fischer, Jordan ; Hoofnagle, Chris ; Egelman, Serge</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_27950805673</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Communications traffic</topic><topic>Consumers</topic><topic>Privacy</topic><topic>Right to know</topic><toplevel>online_resources</toplevel><creatorcontrib>Samarin, Nikita</creatorcontrib><creatorcontrib>Kothari, Shayna</creatorcontrib><creatorcontrib>Siyed, Zaina</creatorcontrib><creatorcontrib>Bjorkman, Oscar</creatorcontrib><creatorcontrib>Yuan, Reena</creatorcontrib><creatorcontrib>Wijesekera, Primal</creatorcontrib><creatorcontrib>Alomar, Noura</creatorcontrib><creatorcontrib>Fischer, Jordan</creatorcontrib><creatorcontrib>Hoofnagle, Chris</creatorcontrib><creatorcontrib>Egelman, Serge</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Samarin, Nikita</au><au>Kothari, Shayna</au><au>Siyed, Zaina</au><au>Bjorkman, Oscar</au><au>Yuan, Reena</au><au>Wijesekera, Primal</au><au>Alomar, Noura</au><au>Fischer, Jordan</au><au>Hoofnagle, Chris</au><au>Egelman, Serge</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)</atitle><jtitle>arXiv.org</jtitle><date>2023-04-03</date><risdate>2023</risdate><eissn>2331-8422</eissn><abstract>The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2023-04
issn 2331-8422
language eng
recordid cdi_proquest_journals_2795080567
source Free E- Journals
subjects Communications traffic
Consumers
Privacy
Right to know
title Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T03%3A51%3A14IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Lessons%20in%20VCR%20Repair:%20Compliance%20of%20Android%20App%20Developers%20with%20the%20California%20Consumer%20Privacy%20Act%20(CCPA)&rft.jtitle=arXiv.org&rft.au=Samarin,%20Nikita&rft.date=2023-04-03&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2795080567%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2795080567&rft_id=info:pmid/&rfr_iscdi=true