
IDPFilter: Mitigating Interdependent Privacy Issues in Third-Party Apps (2405.01411v1)

Published 2 May 2024 in cs.CR

Abstract: Third-party applications have become an essential part of today's online ecosystem, enhancing the functionality of popular platforms. However, the intensive data exchange underlying their proliferation has increased concerns about interdependent privacy (IDP). This paper provides a comprehensive investigation into the previously underinvestigated IDP issues of third-party apps. Specifically, first, we analyze the permission structure of multiple app platforms, identifying permissions that have the potential to cause interdependent privacy issues by enabling a user to share someone else's personal data with an app. Second, we collect datasets and characterize the extent to which existing apps request these permissions, revealing the relationship between characteristics such as the respective app platform, the app's type, and the number of interdependent privacy-related permissions it requests. Third, we analyze the various reasons IDP is neglected by both data protection regulations and app platforms and then devise principles that should be followed when designing a mitigation solution. Finally, based on these principles and satisfying clearly defined objectives, we propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection by filtering out data collected from their users but implicating others as data subjects. We implement a proof-of-concept prototype, IDPTextFilter, that implements the filtering logic on textual data, and provide its initial performance evaluation with regard to privacy, accuracy, and efficiency.

