The AppChk Crowd-Sourcing Platform: Which third parties are iOS apps talking to?

@inproceedings{Geier2021TheAC,
  title={The AppChk Crowd-Sourcing Platform: Which third parties are iOS apps talking to?},
  author={Oleg Geier and Dominik Herrmann},
  booktitle={SEC},
  year={2021}
}
In this paper we present a platform which is usable by novice users without domain knowledge of experts. The platform consisting of an iOS app to monitor network traffic and a website to evaluate the results. Monitoring takes place on-device; no external server is required. Users can record and share network activity, compare evaluation results, and create rankings on apps and app-groups. The results are used to detect new trackers, point out misconduct in privacy practices, or automate… 
1 Citations

TrackerControl: Transparency and Choice around App Tracking

Third-party tracking allows companies to collect users’ behavioural data, track their activity across digital devices, and potentially share this data with third-party companies. This can put deep

References

SHOWING 1-10 OF 18 REFERENCES

Should You Use the App for That?: Comparing the Privacy Implications of App- and Web-based Online Services

TLDR
While it is found that all platforms expose users' data, there are still opportunities to significantly limit how much information is shared with other parties by selectively using the app or Web version of a service.

The Long-Standing Privacy Debate: Mobile Websites vs Mobile Apps

TLDR
An anti-tracking mechanism that enable the users to access an online service through a mobile app without risking their privacy, and is able to preserve the privacy of the user by reducing the leaking identifiers of apps by 27.41% on average, while it imposes a practically negligible latency of less than 1 millisecond per request.

Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem

TLDR
An app named “ALManager” is developed that leverages the Xposed framework to manage analytics libraries in other apps and shows that some apps indeed leak users’ personal information through analytics libraries even though their genuine purposes of using analytics services are legal.

Clearing the Hurdles: How to Design Privacy Nudges for Mobile Application Users

TLDR
A framework of user requirements is presented, which can guide the development of analytic tools and nudge mobile application users towards privacy, make informed privacy decisions, and possibly change apps from the provider side.

Dynamic Privacy Leakage Analysis of Android Third-Party Libraries

TLDR
This paper identifies three types of privacy leakage path inside apps, and finds the third-party libraries access to privacy information account for the largest proportion, and most of third- party libraries have direct network connections and the correspondent flows are inspected to validate the privacy leakage risk.

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

TLDR
This work empirically evaluates the validity of this assumption that paying for apps could offer consumers protection from behavioral advertising and long-term tracking by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps.

Fingerprinting Mobile Devices Using Personalized Configurations

TLDR
Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that all fingerprints are unique and distinguishable and utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time.

A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments

TLDR
Using WTPatrol, the first comparative measurement study of web tracking on 23,310 websites that have both mobile version and desktop version web-pages is performed and an in-depth comparison of the web tracking practices of those websites between mobile and desktop environments is conducted.

A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients

TLDR
Despite being a known issue, the experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage, and a range of best practices and countermeasures that can address these vulnerabilities are discussed.

PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites

TLDR
PrivacyScore is introduced, an automated website scanning portal that allows anyone to benchmark security and privacy features of multiple websites and can be used by data protection authorities to perform regularly scheduled compliance checks.