Keywords:  IoT, Privacy, Data Economy,

2017, 2018, 2019

Mobile App Privacy Analysis with AppCensus

Serge Egelman, Research Director, International Computer Science Institute, UC Berkeley
Kenneth Bamberger, Professor/Faculty Director, School of Law, UC Berkeley
Narseo Vallina-Rodriguez, Research Scientist/Assistant Research Professor, International Computer Science Institute, UC Berkeley|IMDEA Networks
Irwin Reyes, Researcher, International Computer Science Institute, UC Berkeley
Primal Wijesekera, Staff Research Scientist, International Computer Science Institute, UC Berkeley

Over the past several years, our research team has developed infrastructure that gives us an unprecedented view into the privacy behaviors of Android apps. AppCensus is our dynamic analysis testbed that combines bespoke instrumentation within the operating system itself with sophisticated network analysis tools, which allows us to detect exactly when applications attempt to access sensitive user data and then monitor with whom it is shared. As a case study last year, we used this infrastructure to examine children's apps' compliance with the Children's Online Privacy Protection Act (COPPA) and found that a majority of applications in the Google Play Store appear to be violating this federal law. The publication of that research led to several enforcement actions brought by regulators, as well as several class action lawsuits against app developers and advertisers. We are now seeking an additional year of funding to perform additional research using this existing infrastructure.