An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps

Fan, Ming; Yu, Le; Chen, Sen; Zhou, Hao; Wang, Liu; Li, Shuyue; Liu, Yang; Liu, Jun; Liu, Ting

doi:10.1109/issre5003.2020.00032

Cited by 56 publications

(31 citation statements)

References 40 publications

(44 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While our work focuses on different GDPR requirements, the Jia's work could be seen as complementary to our work as the detection method could minimize the false-negative rate. Fan et al [43] relied on static analysis and privacy policy analysis to carry out an empirical assessment of GDPR compliance in Android MHealth Apps, focusing on transparency, data minimization and confidentiality requirements. In transparency, they checked whether six different practices are informed through privacy policies, but cross-border transfer practices are not covered.…”

Section: B Gdpr Analysis In Android Appsmentioning

confidence: 99%

“…Focusing on GDPR, Fan et al [14] empirically assessed transparency, data minimization, and confidentiality requirements in Android mHealth apps, checking whether six different practices are informed through privacy policies. Mangset [15] also checked GDPR requirements related to transparency, data minimization (collection practices), confidentiality (data at rest in transit), and some user rights (particularly, consent and objection automatically individual decision-making).…”

Section: Related Workmentioning

confidence: 99%

“…Domains not classified as firstparty recipients were searched in webXray 13 ; if found, they were classified as third-party recipients. This dataset 14 has been created in the specific context of disclosing personal data to third parties in the web and mobile ecosystem. It maps individual target domains to the owner company and even to parent companies, including the country in which the headquarters are located and service category.…”

Section: Class Precisionmentioning

confidence: 99%

“…Domains not classified as a firstor third-party recipient were classified as unknown and excluded from further analysis. 13 https://webxray.org/ 14 As a further contribution of this study, we added 234 new domains to the dataset maintained by a research community, available at https://github.com/PrivApp/webXray_Domain_Owner_List .…”

Section: Class Precisionmentioning

confidence: 99%

See 3 more Smart Citations

GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps

2021

View full text Add to dashboard Cite

The pervasiveness of Android mobile applications and the services they support allow the personal data of individuals to be collected and shared worldwide. However, data protection legislations usually require all participants in a personal data flow to ensure an equivalent level of personal data protection, regardless of location. In particular, the European General Data Protection Regulation constrains cross-border transfers of personal data to non-EU countries and establishes specific requirements to carry them out. This paper presents a method to systematically assess compliance of Android mobile apps with the requirements for cross-border transfers established by the European data protection regulation. We have validated the method with one hundred Android apps, finding an outstanding 66% of ambiguous, inconsistent and omitted cross-border transfer disclosures.

show abstract

Section: B Gdpr Analysis In Android Appsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Class Precisionmentioning

confidence: 99%

Section: Class Precisionmentioning

confidence: 99%

See 2 more Smart Citations

GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps

2021

View full text Add to dashboard Cite

show abstract

“…On the one hand, the data collected can be leveraged to improve the app, but on the other hand, it can result in privacy leakages. For example, obtaining preferences from users may violate privacy protection rules, such as GDPR [77], [78].…”

Section: Apms In Practicementioning

confidence: 99%

Demystifying Application Performance Management Libraries for Android

Tang

Zhan

Zhou

et al. 2019

2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)

Self Cite

View full text Add to dashboard Cite

Being able to automatically detect the performance issues in apps can significantly improve apps' quality as well as having a positive influence on user satisfaction. Application Performance Management (APM) libraries are used to locate the apps' performance bottleneck, monitor their behaviors at runtime, and identify potential security risks. Although app developers have been exploiting application performance management (APM) tools to capture these potential performance issues, most of them do not fully understand the internals of these APM tools and the effect on their apps. To fill this gap, in this paper, we conduct the first systematic study on APMs for apps by scrutinizing 25 widely-used APMs for Android apps and develop a framework named APMHunter for exploring the usage of APMs in Android apps. Using APMHunter, we conduct a large-scale empirical study on 500,000 Android apps to explore the usage patterns of APMs and discover the potential misuses of APMs. We obtain two major findings: 1) some APMs still employ deprecated permissions and approaches, which makes APMs fail to perform as expected; 2) inappropriate use of APMs can cause privacy leaks. Thus, our study suggests that both APM vendors and developers should design and use APMs scrupulously.

show abstract